[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Multi-homed machine and TLS

To: "Tay, Gary" <Gary_Tay@platts.com>
Subject: RE: Multi-homed machine and TLS
From: Greg Matthews <gmatt@nerc.ac.uk>
Date: Thu, 16 Sep 2004 09:20:59 +0100
Cc: openldap <openldap-software@OpenLDAP.org>
In-reply-to: <A04B6AE6ED3BD742B64D5B17093F64E2912EBF@IMSSGPX01.ims.mhm.mhc>
Organization: iTSS
References: <A04B6AE6ED3BD742B64D5B17093F64E2912EBF@IMSSGPX01.ims.mhm.mhc>

whether you paid for certs or not is irrelevant - the process is the
same. You create _one_ CA (using openssl if you wish) which you use to
sign cert requests for each server. the client then needs _one_ copy of
the CA certificate to verify each of the server certs.

I dont mean to be rude but this is fundamental stuff. I admit it can be
a bit confusing when starting out but you should make sure you
understand this stuff or take it to a relevant mailing list.

GREG

On Wed, 2004-09-15 at 19:19, Tay, Gary wrote:
> Again, if I am not wrong, let me clarify:
>  
> The two certs in my cacert.pem at my LDAP clients are neither Server
> cert or CA certs, they are "Server Certs Self-Signed by a CA Cert
> generated at the server". The file name happened to be named
> "cacert.pem", one can call it anything.
>  
> I did not send any server cert to valid CA and paid for the signing
> service. Most testing systems use self signed certs.
>  

-- 
Greg Matthews
iTSS Wallingford	01491 692445

References:
- RE: Multi-homed machine and TLS
  - From: "Tay, Gary" <Gary_Tay@platts.com>

Prev by Date: Re: configure: error: Berkeley DB version mismatch
Next by Date: Re: Multi-homed machine and TLS
Index(es):
- Chronological
- Thread