[Date Prev][Date Next] [Chronological] [Thread] [Top]

Setting certificate file for client

To: openldap-software@OpenLDAP.org
Subject: Setting certificate file for client
From: Simone Piccardi <simonepi@chl.it>
Date: 19 Aug 2002 19:29:19 +0200

I'm getting some trouble using LDAP over TLS/SSL. I'm using
openldap-2.0.23. 

The problem is that I can authenticate the server from the clients but
not the vice-versa. I would like to autenticate the clients, so I put:

TLSVerifyClient         1

(tried using hard, or demand, instead of 1, but this is the only way it
worked). This way I can authenticate only if I have something like:
 
TLS_CACERT      /etc/ssl/certs/cacert.pem
TLS_CERT        /etc/ssl/certs/newcert.pem
TLS_KEY         /etc/ssl/certs/newkey.pem

in .ldaprc, sending the client certificate. The problem seems that there
is no way to set things system-wide and then I cannot autheticate when
using libnss-ldap.

There is any vay I can set a client certificate to system-wide use? I
tried to put the same lines inside ldap.conf, but no results.

Thanks anyway
Simone

Follow-Ups:
- RE: Setting certificate file for client
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: Re: Install Make Test Issue
Next by Date: Re: Install Make Test Issue
Index(es):
- Chronological
- Thread