Re: tsl troubles

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Saturday, September 04, 2004 1:06 PM -0700 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 12:40 PM 9/4/2004, SUBREDU Manuel wrote:
> > Kurt D. Zeilenga wrote:
> > > At 11:45 AM 9/4/2004, SUBREDU Manuel wrote:
> > > This doesn't require client certificates, just an server certificate.
> > > A client certificate would only be needed if the LDAP client desired
> > > to use TLS-based client authentication.
> >
> > Hmmm .. you are saying that the client can connect to the server using
> > _just_ the server certificate ?

Much like when you use a web browser to visit a web site.  Your web browser 
doesn't need to present a client certificate to create an encrypted 
session.  Just the web server needs to have a server certificate.  The web 
browser just needs to have the CA's available to validate the server's cert.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html