Package: debian-edu-config Version: 2.10.64 Severity: importantI just tested a Debian Edu 10 installation against a Debian Edu 8 TJENER. The LDAP certificate on the jessie TJENER had been created wrongly (subject: CN=localhost, issuer: CN=localhost).
The new gnutls-cli implemenation in fetch-ldap-cert now chokes on that with this error:
```gnutls-cli --x509cafile /etc/ssl/certs/debian-edu-bundle.crt --save-cert=/etc/ssl/certs/debian-edu-server.crt.new ldap.intern
[...]Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
``` This probably needs to be addressed by documentation. Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Attachment:
pgpZpngmeeTW7.pgp
Description: Digitale PGP-Signatur