eDirectory auth with TLS on Debian Apache
I have several Debian and SLES Apache servers that have directories authenticating to our NetWare eDirectory via authnz_ldap. It works fine when it's not encrypted, but when I try to use TLS encryption, only the SLES servers work.
The Debian boxes all log this error:
[LDAP: ldap_start_tls_s() failed][Connect error]
When I try doing an ldapsearch from the Debian boxes over TLS, I get this:
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The Apache documentation seems to suggest that I need to point to a certificate using something like LDAPTrustedGlobalCert, but I don't see the SLES servers doing this anywhere, and they appear to be working.
Can anyone give me a shove in the right direction here?