RE: Problem connecting using TLS



You must have a copy of the CA cert on all client machines, as stated in the
documentation.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Robert Fitzpatrick

> On Mon, 2003-10-20 at 16:10, Howard Chu wrote:
>
> > Wrong. You need to use "tls_cacert" for the CA cert, not "tls_cert".
> >
> > tls_cert is for a client certificate, which as Dieter says,
> > you don't have.

> Thanks to you both. So, I can either have tls_cacert pointing to the
> cacert of the server -OR- tls_cert with a generated client cert signed
> by the server CA? I would prefer the latter so as not to have to
> generate a client cert for all machines that need to communicate using
> TLS.
>
> --
> Robert
>
>
>
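
The distinction drawn in this thread (tls_cacert is the trust anchor used to verify the server, tls_cert is a client certificate) can be checked mechanically on a client config. The following is an added example, not part of the original messages or of OpenLDAP: the sample configs, host name and file paths are constructed, and it assumes the companion directive names tls_cacertdir and tls_key, which the thread does not mention.

```python
# Added example: lint the TLS directives of an LDAP client config.
# Sample configs below are constructed for illustration.

MISCONFIGURED = """\
# CA certificate placed under the client-certificate directive
uri ldaps://ldap.example.com
tls_cert /etc/ssl/certs/cacert.pem
"""

CORRECTED = """\
uri ldaps://ldap.example.com
tls_cacert /etc/ssl/certs/cacert.pem
"""

# Directives that give the client a CA to verify the server against.
# tls_cacertdir is an assumption here; only tls_cacert appears in the thread.
CA_OPTIONS = {"tls_cacert", "tls_cacertdir"}


def parse_options(text):
    """Return {option: value}; names are lower-cased, comments skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def lint_tls(text):
    """Return a list of findings about the client's TLS directives."""
    opts = parse_options(text)
    findings = []
    if not CA_OPTIONS & opts.keys():
        findings.append("no-ca: no tls_cacert/tls_cacertdir set, "
                        "so the server certificate cannot be verified")
    if "tls_cert" in opts and "tls_key" not in opts:
        findings.append("cert-without-key: tls_cert names a client "
                        "certificate but no tls_key is set")
    return findings


if __name__ == "__main__":
    for name, cfg in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(name, lint_tls(cfg) or "ok")
```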