[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem verifying self signed certificate

To: Peter Marschall <peter@adpm.de>
Subject: Re: Problem verifying self signed certificate
From: Tony Earnshaw <billy@billy.demon.nl>
Date: Sun, 04 Sep 2005 18:45:13 +0200
Cc: James Wilde <james_wilde@glocalnet.com>, Openldap list <openldap-software@OpenLDAP.org>
In-reply-to: <200509041745.30804.peter@adpm.de>
Organization: Billy
References: <5F6B0055276D6E4881966897D19A45E201C7D401@brimo.glocalnet.com> <200509041745.30804.peter@adpm.de>

søn, 04.09.2005 kl. 17.45 skrev Peter Marschall:


[...]

> > I'd very much appreciate a hint as to what might be the problem and how
> > to fix it.
> 
> AFAIK this is expected behaviour as you cannot use a self-signed server 
> certificate with openLDAP.

Of course you can. I've been doing it for years ... And so have hundreds
of thousands of others.

> OpenLDAP expects you to use a server certificate that is different from the 
> certificate of the issueing CA.

"OpenLDAP expects you to use a server certificate that is different from
the CA certificate", but that's a different matter.

If OP had described exactly *how* he had made his certs, and then tested
them, using openssl's facilities, perhaps we'd get closer to the answer.

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

--Tonni

-- 
mail: billy@billy.demon.nl
http://www.billy.demon.nl

References:
- Problem verifying self signed certificate
  - From: "James Wilde" <james_wilde@glocalnet.com>
- Re: Problem verifying self signed certificate
  - From: Peter Marschall <peter@adpm.de>

Prev by Date: Re: Q: how can I dynamically rewrite updates?
Next by Date: Glue, relay, chain, rwm, meta - which one?
Index(es):
- Chronological
- Thread