I've been following the instructions to secure Kolab (sry cannot link but is: docs dot kolab dot org slash howtos slash secure-kolab-server dot html) and have got stuck with the 389 Directory Service LDAP section. Note: I am aware it can be skipped but I had long term plans to access the service from remote machines. Log files show Code: Peer does not recognize and trust the CA that issued your certificate Each step of the process appears to work fine. However at the end I cannot connect securely: Code: [[email protected] Standard connection seems to work fine: Code: [[email protected] And I think an openssl connection works too: Code: [[email protected][email protected][email protected][email protected] Access log file shows following for failed ldaps connection: Code: [28/Sep/2015:11:13:38 +091800] conn=17 fd=64 slot=64 SSL connection from ::1 to ::1 [28/Sep/2015:11:13:38 +091800] conn=17 op=-1 fd=64 closed - Peer does not recognize and trust the CA that issued your certificate. Error log shows following at startup: Code: [28/Sep/2015:10:48:23 +091800] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.) I have tried numerous things, mostly variants of either moving the various .crt, .pem and .key files to different locations and adding the CA chain block to the end of the anything I can think of. But I feel I am shooting blind and am probably doing more damage than good at this point. This is a clean recent install of CentOS 7 and Kolab. Some specific guidance on where I need to be looking would be greatly appreciated.