Re: Problems with openldap2.1.4 and TLS/SSL
OpenLDAP 2.1 supports self-signed certificates... you just need
to tell the client how to verify it.
For example:
env LDAPTLS_CACERT=/path/to/server.pem ldapsearch -x -s base \
-H ldaps://ldap.openldap.org/
Kurt
At 06:54 AM 2002-09-24, Frank Swasey wrote:
>Today at 3:26pm, Mathias Meisfjordskar wrote:
>
>> > > openssl req -new -x509 -nodes -out server.pem -keyout server.pem
>> > > -days 365
>> >
>> > Aha! You generated a self-signed certificate. That doesn't work with
>> > OpenLDAP 2.1! You have to have a real certificate (something
>> > certified by a CA).
>>
>> Uhm... No, self-signed certificates should be just fine:
>
>The process you describe is not the same as what was done by the person
>I replied to. You have created your own CA and then used it to sign a
>request. He/She created a certificate and used it without having it
>signed by a CA. See the difference?
>
>--
>Frank Swasey | http://www.uvm.edu/~fcs
>Systems Programmer | Always remember: You are UNIQUE,
>University of Vermont | just like everyone else.
> === God Bless Us All ===
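
Added example, not part of the original thread: the check below shows that a self-signed certificate is rejected until the client is given it as a trust anchor, and it exports a certificate-only copy so the private key (which the quoted openssl command writes into the same server.pem) never reaches clients. It assumes the openssl CLI (1.1.0 or later) is installed; the CN ldap.example.test and the file name cacert.pem are placeholders.

```sh
#!/bin/sh
# Added example. Constructed throwaway key and certificate; the CN
# "ldap.example.test" and the file name cacert.pem are placeholders.

make_selfsigned() {   # $1 = directory; same command shape as in the thread
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=ldap.example.test" \
        -out "$1/server.pem" -keyout "$1/server.pem" 2>/dev/null
}

export_cert_only() {  # copy just the certificate, never the private key
    openssl x509 -in "$1/server.pem" -out "$1/cacert.pem"
}

has_private_key() {   # true if the PEM file carries key material
    grep -q 'PRIVATE KEY-----' "$1"
}

verify_untrusted() {  # no trust anchor given: a self-signed cert is rejected
    openssl verify -no-CAfile -no-CApath "$1/server.pem" >/dev/null 2>&1
}

verify_trusted() {    # the certificate itself supplied as the trust anchor
    openssl verify -no-CApath -CAfile "$1/cacert.pem" "$1/server.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" && export_cert_only "$d" || { rm -rf "$d"; return 1; }
    verify_untrusted "$d" && echo "no anchor:   accepted" || echo "no anchor:   rejected"
    verify_trusted "$d"   && echo "with anchor: accepted" || echo "with anchor: rejected"
    has_private_key "$d/cacert.pem" && echo "cacert.pem leaks the key" \
        || echo "cacert.pem holds only the certificate"
    rm -rf "$d"
}

demo
```

Pointing LDAPTLS_CACERT at the certificate-only file gives the client the same trust anchor without distributing the key.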