
Re: tsl troubles



At 12:40 PM 9/4/2004, SUBREDU Manuel wrote:
>Kurt D. Zeilenga wrote:
>>At 11:45 AM 9/4/2004, SUBREDU Manuel wrote:
>>This doesn't require client certificates, just a server certificate.
>>A client certificate would only be needed if the LDAP client desired
>>to use TLS-based client authentication.
>
>Hmmm .. you are saying that the client can connect to the server using _just_ the server certificate?

TLS, without client-authentication, normally involves (as discussed
in the Admin Guide "Using TLS" chapter):
  1) creation of a server certificate, via certificate (e.g., OpenSSL) tools
  2) configuration of the server (e.g., slapd.conf(5)) to use the server certificate
  3) configuration of the client (e.g., ldap.conf(5)) with knowledge (e.g., the
     CA certificate) needed to verify the server's certificate.

Kurt
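
The three steps listed in the message above, as an added example that is not part of the original post or of the OpenLDAP documentation: a script that builds a private CA and server certificate with OpenSSL, writes the matching slapd.conf(5) and ldap.conf(5) fragments, and checks the certificate against the CA as a client would. The host name `ldap.example.com`, the file names and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: the three steps above, run in a scratch directory.
# Host name, file names and directory layout are assumptions.

make_tls_files() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Step 1: a private CA, then a server certificate signed by it.
    # The server certificate's CN should be the host name clients connect to.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
    # Step 2: slapd.conf(5) fragment, server certificate and its private key.
    cat > "$dir/slapd.conf.tls" <<EOF
TLSCACertificateFile  $dir/ca.crt
TLSCertificateFile    $dir/server.crt
TLSCertificateKeyFile $dir/server.key
EOF
    # Step 3: ldap.conf(5) fragment, the client holds only the CA certificate.
    cat > "$dir/ldap.conf.tls" <<EOF
TLS_CACERT  $dir/ca.crt
TLS_REQCERT demand
EOF
}

# The check the client's TLS library makes: does the server certificate
# chain to the CA the client was configured with?
client_can_verify() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_tls_files "$d" ldap.example.com &&
        client_can_verify "$d/ca.crt" "$d/server.crt" &&
        cat "$d/slapd.conf.tls" "$d/ldap.conf.tls"
fi
```

Run with `--demo` to print both fragments; no client certificate or client key is created at any step, and a client configured with a different CA certificate fails the verification.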