[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS errors out



Please don't hit me if this is a stupid question :-)
but

Howard Chu wrote:
The cert that was used to sign your server's cert is not contained in the
cacert file that you specified for your client. Try putting the correct certs
in place. Since your server cert is self-signed that means your server cert
must be present in the cacert file. Note that using self-signed certs for
individual servers is extremely unwise.


could you tell me why it is unwise? I am setting up openLDAP on a server behind my firewall. It should only be accessed
from my firewalled network and via a VPN to another network owned
by my company.. possibly via VPN to roaming clients as well.
You seem to be recommending that I pay for a cert? I was hoping
to create my own. Again, sorry if I'm misunderstanding, but I'm
not that keen on spending money on certs.


Thanks

Bill Dossett