Re: clarification on ldap with ssl/tls
On Apr 22, 2013, at 12:40 PM, Rodney Simioni wrote:
> Hi,
> I’ve been tasked to enable ssl/tls on ldap. The server already has a certificate and key file. After looking at documentation, these are the three files that are needed.
> In the ldap.conf file:
>
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSCACertificateFile /etc/openldap/cacert.pem
>
> I already have the TLSCertificateFile and TLSCertificateKeyFile but I don’t have the TLSCACertificateFile. Is that something I have to generate?
----
If you're willing to accept any old certificate and, in fact, not even bother checking certificates, then no (TLS_REQCERT never).
If you've been tasked to enable ssl/tls, you might actually want to learn how certificates work, as this really is not an OpenLDAP question.
Craig
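
The following is an added example, not part of the original thread: a shell sketch showing that the CA file is the certificate of the authority that issued the server certificate, and how to check that a candidate CA file and key actually match the server certificate. It uses the openssl CLI on a constructed throwaway CA and certificate; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: every file below is a constructed throwaway, not a real key or CA.

# Build a test CA plus a server certificate signed by it in directory $1,
# using the file names from the question.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.com" \
        -keyout "$1/serverkey.pem" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 -CAcreateserial \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -out "$1/servercrt.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to a CA in bundle $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if private key $2 belongs to certificate $1
# (compares the public key embedded in each).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the issuer of certificate $1: the CA whose certificate
# belongs in the CA file.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

demo() {
    d=$(mktemp -d) && make_test_pki "$d" || return 1
    issuer_of "$d/servercrt.pem"
    chains_to_ca "$d/cacert.pem" "$d/servercrt.pem" && echo "chain: OK"
    key_matches_cert "$d/servercrt.pem" "$d/serverkey.pem" && echo "key: matches"
    rm -rf "$d"
}
demo
```

Against an existing server certificate, only `issuer_of`, `chains_to_ca` and `key_matches_cert` are needed; the CA certificate itself comes from whoever issued the server certificate.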