We're using Verisign certs on our servers and I'm tyring to get ICE to
work on 636, but I keep getting the dreaded error 81 (can't contact LDAP
server) along with the "bad cert" response in a packet trace. I can use
636 from LDAP browsers and whatnot. I'm using DER format certs and have
tried both the G3 and G5 Verisign intermediates, the Verisign rootCA
cert, I even exported both the Verisign trusted root and the server cert
out of the server's ndsPKI object. Nothing I do seems to work. Do I
need to try to store the entire cert chain as a DER file? I've searched
and found plenty of references to pulling the tree's CA info to use
that, but I haven't come across anyone doing third party certs with ICE
(or maybe my searching skill are just lacking).

infinity9999's Profile: https://forums.netiq.com/member.php?userid=1343
View this thread: https://forums.netiq.com/showthread.php?t=47746