Re: help SSL on Openldap and java
s g <sirisha.kmb@gmail.com> writes:
> Our requirement is that we need to test if a server certificate from
> OpenLDAP server is valid and then upload to our trust store and use the
> certificate for further communications using SSL to the ldap server.
> I configured OpenLDAP for SSL as per the OpenLDAP admin guide - generated
> the 3 certificates cacert.pem, servercert.pem and serverkey.pem and put the
> corresponding entries in slapd.conf file. My assumption is cacert.pem is
> the file for the CA, servercert.pem is the server certificate file (?!) and
> the serverkey.pem is the file containing the private key to the server.
> After configuring my client ldap.conf file to point to cacert.pem as per
> the following directives -
>
> TLS_CACERTDIR <path to my cacert.pem file>
> TLS_REQCERT hard
[...]
I would recommend using TLS_CACERT <path to cacert.pem>.
The parameter CACERTDIR requires the CAs in this directory to be
hashed.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
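
The hashing mentioned in the reply above, as an added example that is not part of the original message: a directory given to TLS_CACERTDIR must contain each CA certificate under a `<subject-hash>.N` name, which is how OpenSSL looks it up. The sketch assumes client libraries built against OpenSSL and the `openssl` command on the PATH; the function names and the throwaway CA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): prepare a directory for TLS_CACERTDIR
# by creating the <subject-hash>.N symlinks OpenSSL uses to look up a CA.

# hash_ca_dir DIR: link each certificate DIR/*.pem under its hash name.
# Prints "<link> -> <file>" for every link it creates; safe to re-run.
hash_ca_dir() {
    dir=$1
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # Files that are not X.509 certificates (e.g. a key) are skipped.
        h=$(openssl x509 -hash -noout -in "$cert" 2>/dev/null) || continue
        name=$(basename "$cert")
        n=0
        # Two CAs can share a hash, so take the first free .N suffix.
        while [ -L "$dir/$h.$n" ] || [ -e "$dir/$h.$n" ]; do
            # This certificate is already linked: leave it alone.
            [ "$(readlink "$dir/$h.$n")" = "$name" ] && continue 2
            n=$((n + 1))
        done
        ln -s "$name" "$dir/$h.$n"
        echo "$h.$n -> $name"
    done
}

# make_test_ca DIR: write a constructed, throwaway self-signed CA to
# DIR/cacert.pem (sample input only; the key goes to DIR/ca.key).
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$1/ca.key" -out "$1/cacert.pem" 2>/dev/null
}

# demo: build a temporary CA directory, hash it, and confirm that OpenSSL
# can now find the CA through -CApath (the lookup TLS_CACERTDIR relies on).
demo() {
    d=$(mktemp -d) || return 1
    make_test_ca "$d" && hash_ca_dir "$d" >/dev/null &&
        openssl verify -CApath "$d" "$d/cacert.pem" >/dev/null
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

With a single CA file, pointing TLS_CACERT at cacert.pem avoids the hashing step entirely, as the reply recommends.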