[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS errors out

To: bd@emtex.com
Subject: Re: TLS errors out
From: Peter Marschall <peter.marschall@mayn.de>
Date: Fri, 25 Oct 2002 13:39:31 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3DB9171D.1090202@emtex.com>
Organization: ADPM
References: <00d301c27b91$64d61020$0e01a8c0@CELLO> <3DB9171D.1090202@emtex.com>
User-agent: KMail/1.4.3

Hi,

On Friday 25 October 2002 12:04, Bill Dossett wrote:
> You seem to be recommending that I pay for a cert?  I was hoping
> to create my own.  Again, sorry if I'm misunderstanding, but I'm
> not that keen on spending money on certs.

You do not need to pay for a cert.
All you need to do is to create a self signed CA cert
(if you do not already have a CA in your company),
then create a cert req for the OpenLDAP server
and sign it using the CA cert to create the server cert.

This way you can 
* have different server / client keys signed by the same CA
* replace the server cert without destroying the whole trust scenario
* ....

Yours
Peter
-- 
Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35

References:
- RE: TLS errors out
  - From: "Howard Chu" <hyc@highlandsun.com>
- Re: TLS errors out
  - From: Bill Dossett <bd@emtex.com>

Prev by Date: Re: Help in setting up Ldap Address book
Next by Date: RE: Multimaster further work
Index(es):
- Chronological
- Thread