On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:
Any client will need to know about the CA that signed your self-signed cert.
I created my certificate with:
openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 3650
In slapd.conf I have:
TLSCertificateFile /etc/ssl/ldap.pem TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem TLSCACertificateFile /etc/ssl/ldap.pem
What do I need to do differently?
Create your own CA first? Then sign your own certs with it.
<http://www.tc.umn.edu/~brams006/selfsign.html>
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration