[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Storing certs for remote servers ref'd by back-ldap



Tony et al,

ok i have the certs now working when I use the ldapsearch utility, with the 
TLS_CACERT configuration option in ldap.conf. However, when I try to use 
back-ldap in slapd to query the same server, I need to be able to tell slapd 
where the certificate is -- and it does not seem to (i) read ldap.conf, or 
(ii) accept the same configuration option in slapd.conf.

What have I missed?

Thanks for your reply Tony,

Stephen Brandon

On Thursday 07 November 2002 09:16, you wrote:
> ons, 2002-11-06 kl. 15:35 skrev Stephen Brandon:
> > I have just tried to point the back-ldap backend at a ldaps:// source,
> > and it's complaining about the certificate being self-signed. I have a
> > copy of the certificate in question, in DER format.
> >
> > - in which config file do I put a reference to the certificate? It's not
> > one of the TLS config options, since they are for running slapd on a
> > secure port.
> >
> > - what format should the cert be in? Do I need to use openssl to convert
> > it to some other form?
>
> DER encoded certs won't work, you need PEM encoded such.
>
> Look back in this list a couple of days and you'll see how to convert
> DER to PEM.
>
> Best,
>
> Tony