Re: SSL/TLS problem
On Tue, 24 May 2005, Arnaud Fontaine wrote:
[cut]
I added these lines to /etc/ldap/slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand
Above, you are telling slapd to demand a certificate from your
LDAP client and terminate the session immediately if the client
fails to provide one. If this is intended, provide your client with
an appropriate certificate and add an appropriate TLS_CERT option
to your ldap.conf(5). If not intended, you should remove this line.
TLSCACertificateFile /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cfg/ssl/serverkey.pem
And these lines to /etc/ldap/ldap.conf:
TLS_CACERT /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT demand
[cut]
--
Kirk Turner-Rustin | Programmer/Analyst
Ohio Wesleyan University | Libraries and Information Services
http://www.owu.edu | http://lis.owu.edu
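
The mismatch described in this reply, as an added example that is not part of the original thread: a small check that reads the server and client configuration text and reports when slapd requires a client certificate the client is not set up to present. The sample configs are constructed from the directives quoted above; `TLS_KEY` (the client private-key option from ldap.conf(5)) does not appear in the thread and is included here as an assumption, as are the function names.

```python
# Constructed sample input, built from the directives quoted in the thread.
SLAPD_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand
TLSCACertificateFile /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cfg/ssl/serverkey.pem
"""

LDAP_CONF = """\
TLS_CACERT /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT demand
"""

# slapd.conf(5): these TLSVerifyClient levels all require a valid client cert.
CLIENT_CERT_REQUIRED = {"demand", "hard", "true"}


def parse_directives(text):
    """Return {lowercased keyword: value}, skipping blank lines and # comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def check_client_cert(slapd_text, client_text):
    """List the client options whose absence makes slapd end the TLS session."""
    server = parse_directives(slapd_text)
    client = parse_directives(client_text)
    # TLSVerifyClient defaults to "never" when the directive is absent.
    level = server.get("tlsverifyclient", "never").lower()
    if level not in CLIENT_CERT_REQUIRED:
        return []
    return [
        f"TLSVerifyClient {level} is set, but the client has no {opt.upper()}"
        for opt in ("tls_cert", "tls_key")
        if opt not in client
    ]


if __name__ == "__main__":
    for problem in check_client_cert(SLAPD_CONF, LDAP_CONF):
        print(problem)
```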