
Re: help SSL on Openldap and java



s g <sirisha.kmb@gmail.com> writes:

>     Our requirement is that we need to test if a server certificate from
>     Openldap server is valid and then upload to our trust store and use the
>     certificate for further communications using SSL to the ldap server.
>     I configured Openldap for SSL as per the Openldap admin guide - generated
>     the 3 certificates cacert.pem, servercert.pem and serverkey.pem and put the
>     corresponding entries in slapd.conf file. My assumption is cacert.pem is
>     the file for the CA, servercert.pem is the server certificate file (?!) and
>     the serverkey.pem is the file containing the private key to the server.
>     After configuring my client ldap.conf file to point to cacert.pem as per
>     the following directives -
>    
>     TLS_CACERTDIR <path to my cacert.pem file>
>     TLS_REQCERT hard
[...]

I would recommend using TLS_CACERT <path to cacert.pem>.
The parameter CACERTDIR requires the CAs in this directory to be
hashed.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
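
Added example, not part of the original message: a sketch of what "hashed" means for a CA directory, showing that an OpenSSL lookup by directory fails until each CA certificate has its `<subject-hash>.<n>` symlink. The function names `hash_ca_dir` and `demo`, the directory layout and the certificate subjects are assumptions, and all certificates are constructed throwaway test data.

```shell
#!/bin/sh
# Added example (not from the thread). All certificates are constructed
# throwaway test data created in a temporary directory.

# hash_ca_dir DIR: give every certificate in DIR the <subject-hash>.<n>
# symlink that OpenSSL looks for when it searches a CA directory.
# (c_rehash and "openssl rehash" do the same job.)
hash_ca_dir() {
    dir=$1
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # Skip *.pem files that are not certificates (e.g. private keys).
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || continue
        n=0
        # Two CAs can share a hash; use the next free numeric suffix.
        while [ -e "$dir/$h.$n" ]; do
            [ "$(readlink "$dir/$h.$n")" = "$(basename "$cert")" ] && break
            n=$((n + 1))
        done
        ln -sf "$(basename "$cert")" "$dir/$h.$n"
    done
}

# demo: verify a server certificate against the CA directory before and
# after hashing; prints "before=<result> after=<result>".
demo() {
    tmp=$(mktemp -d) || return 1
    ca="$tmp/cacerts"; mkdir "$ca"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$tmp/cakey.pem" -out "$ca/cacert.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$tmp/serverkey.pem" -out "$tmp/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$tmp/server.csr" -days 1 \
        -CA "$ca/cacert.pem" -CAkey "$tmp/cakey.pem" -CAcreateserial \
        -out "$tmp/servercert.pem" 2>/dev/null || return 1
    if openssl verify -CApath "$ca" "$tmp/servercert.pem" >/dev/null 2>&1
    then before=ok; else before=fail; fi
    hash_ca_dir "$ca"
    if openssl verify -CApath "$ca" "$tmp/servercert.pem" >/dev/null 2>&1
    then after=ok; else after=fail; fi
    rm -rf "$tmp"
    echo "before=$before after=$after"
}

demo
```

With TLS_CACERT pointing at the single cacert.pem file, no hashing step is needed.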