[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replication and tls

To: openldap-software@OpenLDAP.org
Subject: Re: replication and tls
From: richard lucassen <mailinglists@lucassen.org>
Date: Sun, 14 May 2006 13:16:58 +0200
In-reply-to: <f6dd1aa20605131853m7bfe398anacc156124f9e819c@mail.gmail.com>
Organization: XAQ Systems
References: <20060513171513.3ec3e480.mailinglists@lucassen.org> <f6dd1aa20605131853m7bfe398anacc156124f9e819c@mail.gmail.com>

On Sat, 13 May 2006 22:53:21 -0300
"Francisco Saito" <fksaito@gmail.com> wrote:

> Add a clausule:
> tls=critical  after bindmethod=simple credentials=secret

It now works fine, I had generated certificates with the SSL-client flag
set, not the SSL-server flag. For future googlers: To check certs you
can use the following command:

$ openssl x509 -in ldapslave.example.com-cert.pem -purpose -noout
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No

R.

-- 
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+

References:
- replication and tls
  - From: richard lucassen <mailinglists@lucassen.org>
- Re: replication and tls
  - From: "Francisco Saito" <fksaito@gmail.com>

Prev by Date: Re: replication and tls
Next by Date: ppolicy info...
Index(es):
- Chronological
- Thread