[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL and self-signed certificates



Rick Stevens <rps2@socal.rr.com> writes:

> Dieter Kluenter wrote:
>> Hi,
[...]
>> OK, could you please provide the TLS related entries of slapd.conf
>> and ldap.conf? It seems that the server is not providing a server
>> certificate but a CA.
>
> Okey doke.  Here they are:
>
> TLSCACertificateFile    /usr/local/etc/openldap/gbsbilling-cert.pem
> TLSCertificateFile      /usr/local/etc/openldap/bigdog-cert.pem
> TLSCertificateKeyFile   /usr/local/etc/openldap/bigdog-key.pem

This is only the content of slapd.conf, the relevant content of
ldap.conf(5) is still missing, ldapsearch requires at least the path
to CA, further information on the level of certificate checks and the
prefered cipher suits are recommended options.

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E