
Re: certificate issue with ldaps



>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem
>TLS_REQCERT demand
>My issue is that the SSL connection still works if I comment out the line with
>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem.
>and it should not because without this certificate authority my openldap
>proxy should not be able to check the certificate sent by the backend ldap.
>TLS certificate verification: Error, self signed certificate in certificate chain
>but it works with this error.

You must have your root CA -> self-signed. After that you create:
- CA and key for your LDAP server
- CA and key for client

Both CAs (client, server) must be signed by your CA root certificate.

Regards,
rafal
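
The layout described in the reply above, as an added example that is not part of the original message: a self-signed root CA signs one certificate each for the LDAP server and the client, and `openssl verify` accepts each chain only when that root is the trusted CA file. The names demo-root-ca, unrelated-ca, ldap.example.test and proxy-client, and the helper functions, are constructed for illustration.

```shell
#!/bin/sh
# Added example; every CN below is a constructed placeholder.

make_root() {    # $1 = output dir, $2 = CN of the self-signed root CA
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA dir, $2 = subject CN; writes $1/$2.key and $1/$2.pem
    openssl req -new -config "$1/ca.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

chain_ok() {     # $1 = CA file to trust, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    make_root "$work/good" demo-root-ca || return 1
    make_root "$work/other" unrelated-ca || return 1
    for cn in ldap.example.test proxy-client; do
        issue_cert "$work/good" "$cn" || return 1
        chain_ok "$work/good/ca.pem" "$work/good/$cn.pem" &&
            echo "$cn: chain verifies against demo-root-ca"
        chain_ok "$work/other/ca.pem" "$work/good/$cn.pem" ||
            echo "$cn: rejected when only unrelated-ca is trusted"
    done
    rm -rf "$work"
}

demo
```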