[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS errors out

Subject: Re: TLS errors out
From: Bill Dossett <bd@emtex.com>
Date: Fri, 25 Oct 2002 11:04:13 +0100
Cc: openldap-software@OpenLDAP.org
References: <00d301c27b91$64d61020$0e01a8c0@CELLO>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

Please don't hit me if this is a stupid question :-)
but

Howard Chu wrote:

The cert that was used to sign your server's cert is not contained in the
cacert file that you specified for your client. Try putting the correct certs
in place. Since your server cert is self-signed that means your server cert
must be present in the cacert file. Note that using self-signed certs for
individual servers is extremely unwise.

could you tell me why it is unwise? I am setting up openLDAP on a server behind my firewall. It should only be accessed from my firewalled network and via a VPN to another network owned by my company.. possibly via VPN to roaming clients as well. You seem to be recommending that I pay for a cert? I was hoping to create my own. Again, sorry if I'm misunderstanding, but I'm not that keen on spending money on certs.

Thanks

Bill Dossett

Follow-Ups:
- Re: TLS errors out
  - From: Peter Marschall <peter.marschall@mayn.de>
- Re: TLS errors out
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- RE: TLS errors out
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: unknown directive
Next by Date: Re: Access Control List question for Open LDAP
Index(es):
- Chronological
- Thread