[openssl-users] Failed to access LDAP server when a valid certificate is at <hash>.1+

Viktor Dukhovni openssl-users at dukhovni.org
Sat Oct 21 20:21:09 UTC 2017

On Oct 21, 2017, at 11:20 AM, Misaki Miyashita <misaki.miyashita at oracle.com> wrote:

> We encountered a problem using OpenLDAP with OpenSSL when there were more than one certificate with the same subject.
> Does OpenSSL stop searching for a valid certificate when it finds a certificate with matching DN?

Yes, when a matching issuer is found in the trust store, but is expired
no alternative certificates will be tested.  You need to remove outdated
issuer certificates from your trust store before they expire.


More information about the openssl-users mailing list