
Re: Slapd, GNUTLS on Debian/Squeeze



Hello,

On Fri, May 20 2011 at 02:43:46 -0300, Reinaldo de Carvalho said:
> On Fri, May 20, 2011 at 6:50 AM, David Dumortier <d.dumortier@free.fr> wrote:
> [...]
> > I generated a self-signed certificate with these options :
> > certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key
> > certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile /etc/ldap/ssl/mycsr.csr
> [..]
> > Here is my slapd conf :
> > olcTLSVerifyClient: demand
> > olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr
> > olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key
> >
> 
> CSR = Certificate signing request [1]
> 
> # Create a private key and a self-signed certificate (public key inside).
> $ openssl req -x509 -newkey rsa:2048 -nodes -keyout Example_CA.key -out Example_CA.cer -days 7305

As I mentioned, it is a GnuTLS version of slapd (Debian-specific compilation).
As far as I know (I'm not an expert in certificates), the certtool option is
--generate-self-signed to obtain the same result as your command.
I'm starting to believe I'll have to compile my own version of OpenLDAP with
OpenSSL support :-)

> [1] http://en.wikipedia.org/wiki/Certificate_signing_request

Thank you for the pointer, I understand certificates a little more.

> -- 
> Reinaldo de Carvalho
> http://korreio.sf.net
> http://python-cyrus.sf.net
> 
> "While not fully understand a software, don't try to adapt this
> software to the way you work, but rather yourself to the way the
> software works" (myself)
Wise sentence :-)

-- 
David Dumortier
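
A pre-flight check for the mix-up discussed in this thread (a CSR configured as olcTLSCertificateFile), as an added example that is not part of the original messages: it classifies each file a slapd TLS config points at by its PEM label. The function names, the LDIF-style input file and the sample files are assumptions made for illustration; the sample PEM bodies are constructed placeholders.

```shell
# Added example, not from the thread. Classify a PEM file by its BEGIN label.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        CERTIFICATE) echo certificate ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        *"PRIVATE KEY") echo key ;;
        "") echo unknown ;;   # unreadable file or no PEM block
        *) echo other ;;
    esac
}

# Check the olcTLS*File attributes in LDIF-style file $1; non-zero on mismatch.
check_slapd_tls() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            olcTLSCertificateFile:*|olcTLSCACertificateFile:*) want=certificate ;;
            olcTLSCertificateKeyFile:*) want=key ;;
            *) continue ;;
        esac
        attr=${line%%:*}
        path=${line#*: }
        got=$(pem_kind "$path")
        if [ "$got" = "$want" ]; then
            echo "OK   $attr $path ($got)"
        else
            echo "FAIL $attr $path: expected $want, found $got"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample data: placeholder PEM files (only the labels matter here)
# and a config shaped like the one quoted in the thread, written into dir $1.
make_samples() {
    printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----' 'AAAA' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$1/mycsr.csr"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$1/mycert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/mykey.key"
    printf '%s\n' 'olcTLSVerifyClient: demand' \
        "olcTLSCertificateFile: $1/mycsr.csr" \
        "olcTLSCertificateKeyFile: $1/mykey.key" > "$1/bad.ldif"
    sed 's/mycsr\.csr/mycert.pem/' "$1/bad.ldif" > "$1/good.ldif"
}
```

To try it, run `make_samples "$(mktemp -d)"` and pass the resulting `bad.ldif` or `good.ldif` to `check_slapd_tls`; the label check only tells a certificate from a request or key, it does not validate the certificate itself.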