I'm trying to set up Novell Data Synchronizer. I have to use a secure
SSL LDAP Connection. The Server is SLES11 SP1.
But when I try to connect to our eDir-Server (OES2), I get an error:
Connection to the LDAP server cannot be established.
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (self signed certificate in certificate chain)
I think the LDAP-Client doesn't trust the LDAP-Server.
So I exported the Certificate in ConsoleOne (SSL CertificateDNS -
Servername) as *.der.
But what do I have to do on the LDAP-Client with this Certificate?

I tried to set up the LDAP-Client in Yast for testing. I get the same
error here.
So I renamed the Cert-File from *.der to *.pem and configured the
LDAP-Client in Yast to use this Certificate-File
(Yast --> LDAP-Client Configuration --> Advanced Configuration --> CA
Certificate File)
but now the LDAP-Client (Yast) crashes as soon as it tries to connect to
the LDAP-Server.
Error: terminate called after throwing an instance of 'LDAPException'
what(): Local error
YaST got signal 6 at YCP file Ldap.ycp:1372 /sbin/yast2: line 471: 4849
$ybindir/y2base $module "$ @" "$SELECTED_GUI" $Y2_GEOMETRY $Y2UI_ARGS

So I don't know what I'm doing wrong. I think the first mistake was
renaming the Cert-File, but ConsoleOne exports it as *.der and Yast-Ldap
requires *.pem or *.crt
After editing the /etc/ldap.conf without using Yast-Ldap-Config and
tls_cacertfile /path/to/der-File, the LDAP-Client throws the same

Thanks for your help!

Ronnenberg's Profile: https://forums.netiq.com/member.php?userid=4042
View this thread: https://forums.netiq.com/showthread.php?t=46606
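
An added example, not part of the original post: the rename from *.der to *.pem described above changes only the file name, while PEM is the Base64 text form of the same DER bytes wrapped in BEGIN/END lines. The sketch below classifies a certificate file by content and converts DER to PEM; the function names are hypothetical and SAMPLE_DER is constructed placeholder data with only the outer DER framing, not a real certificate.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample: SEQUENCE tag 0x30, long-form length 0x0100, 256 filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))


def der_sequence_ok(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)   # rejects truncated or padded files


def detect_encoding(data: bytes) -> str:
    """Classify by content; the file extension is ignored on purpose."""
    if data.lstrip().startswith(PEM_HEADER):
        return "pem"
    if der_sequence_ok(data):
        return "der"
    return "unknown"


def to_pem(data: bytes) -> str:
    """Return PEM text for DER or PEM input, raise ValueError otherwise."""
    kind = detect_encoding(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)  # Base64, 64-char lines, BEGIN/END
    raise ValueError("input is neither a DER nor a PEM certificate")


if __name__ == "__main__":
    print(detect_encoding(SAMPLE_DER))    # a renamed file would still report this
    print(to_pem(SAMPLE_DER))
```
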