
Re: Client says Can't contact LDAP server, but it can!



--On Thursday, July 24, 2008 4:13 PM -0700 John Oliver <joliver@john-oliver.net> wrote:

On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:

Any client will need to know about the CA that signed your self-signed cert.

I created my certificate with:

openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 3650

In slapd.conf I have:

TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

What do I need to do differently?

Create your own CA first? Then sign your own certs with it.

<http://www.tc.umn.edu/~brams006/selfsign.html>

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
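
Added example, not part of the original thread: one way to follow the advice above with the openssl CLI, creating a private CA, signing the slapd certificate with it, and checking the chain. The output directory, subject names, file names and the subjectAltName step are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Directory, CN values and file
# names are assumptions chosen for illustration.

# make_ldap_pki DIR HOST: create a private CA in DIR and a server
# certificate for HOST signed by that CA.
make_ldap_pki() (
    dir=$1 host=$2
    umask 077                       # new key files readable by owner only
    mkdir -p "$dir" &&

    # 1. CA key and self-signed CA certificate (the trust anchor).
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 3650 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" &&

    # 2. Server key and certificate signing request.
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -subj "/CN=$host" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.csr" &&

    # 3. Sign the request with the CA. The subjectAltName carries the
    #    name clients connect to; current TLS clients match on it.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/ldap.ext" &&
    openssl x509 -req -sha256 -days 365 -in "$dir/ldap.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ldap.ext" -out "$dir/ldap.crt"
)

# verify_ldap_cert DIR: succeed only if ldap.crt chains to ca.crt.
verify_ldap_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/ldap.crt" >/dev/null
}

# Resulting slapd.conf mapping (same directives as in the message above):
#   TLSCACertificateFile   DIR/ca.crt
#   TLSCertificateFile     DIR/ldap.crt
#   TLSCertificateKeyFile  DIR/ldap.key
# Clients get a copy of ca.crt only (for example TLS_CACERT in ldap.conf);
# ca.key stays off the LDAP server and off the clients.

# Usage: sh make-ldap-pki.sh /path/to/outdir ldap.example.com
if [ "$#" -eq 2 ]; then
    make_ldap_pki "$1" "$2" && verify_ldap_cert "$1" && echo "chain OK"
fi
```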