[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server



At 02:31 PM 3/23/2003, marc.bigler@day.com wrote:

>>See http://www.openldap.org/faq/data/cache/185.html for the requirements
>>of using TLS/SSL in the 2.1 version, as you have noticed the behaviour
>>of the library has slightly changed in this regard.
>
>Many thanks, that was exactly my problem and I could solve it reading this
>FAQ, I didn't know OpenLDAP 2.1.x requires the CA certificate.

Actually, OpenLDAP 2.1 does NOT require a CA certificate.  It
requires knowledge that the signing certificate is valid.  If you
have a self-signed certificate, then it must have direct knowledge
that the certificate is valid.  This is done by placing a copy
of the certificate where OpenSSL looks for CA certificates.

(don't confuse a self signed certificate with a certificate
signed by self-signed CA certificate.... those are also supported).

>Now another question I generated a new certitificate using the FAQ but
>unfortunately it only does a 365 days cert, I would be interested in
>genrating a 3650 (10 years) cert, so I added -days 3650 to the openssl
>command but then when I run "CA.sh -sign" it only sees 1 year. Am I missing
>something ?

Suggest you direct openssl questions to the openssl list.