[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help SSL on Openldap and java



s g <sirisha.kmb@gmail.com> writes:

> Thanks for replying. I was a bit occupied, so I could not back soon. Going by your mail, I went through
> the certificate generation process again. What I found is that for some reason, the cacert.pem file
> (which is the certificate for the CA) shows the following -
>  X509v3 extensions:
>             X509v3 Basic Constraints:
>                 CA:FALSE
> I am attaching the steps I followed and the certificate files generated as per the tutorial
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.2.

Did you read the note on top of this paper?
>
> Shouldn't the above field be CA:true? Also, how do I make sure that the flag that you mentioned below
> gets set to "SSL server".

edit openssl.cnf accordingly, or use tinyCA to create a certificate
chain
http://tinyca.sm-zone.net/index.html

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6