[Date Prev][Date Next] [Chronological] [Thread] [Top]

CRL Certificate



I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...

In my slapd.conf's I have:

TLSCACertificateFile    /etc/ldap/cacert.pem
TLSCertificateFile      /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile   /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient         try

Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere. 

I have authentication with X.509 certificates enabled
(not that anyone's using that at the moment, but...) so
I would like the chance of making sure to reject revoked
certificates...