[Date Prev][Date Next] [Chronological] [Thread] [Top]

Multiple certificates in slapd

To: openldap-technical@openldap.org
Subject: Multiple certificates in slapd
From: Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>
Date: Mon, 23 Nov 2015 14:40:48 +0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= content-type:content-type:mime-version:message-id:date:date :subject:subject:from:from:received:received:received; s= selector1; t=1448264449; x=1450078850; bh=t2eh3iFTYt7IMdWsoqG0AV t6hHq4MGu+5UtyQCpUSbQ=; b=XiEIXROthMGz68OqMng6GOxSB9cW2u5MKIIitL h69Z4X0fuG7L1/KeVDOuTkoo7Nft5k73sh+Hrs3nRU8CEqRmYfoIbQYbhBvrYlv9 tFRUAaKkUdSBALkH4JxIAbMBoTCDCXmpQIVSuIIFkab55NBoeK2rB4HPkw9r8690 Vuk2c=

Hi,

I am planing a transition of the certificate I use in OpenLDAP for LDAP
over SSL (port 636).

My selft signed certificate is quite old and has become obsolete/not
recognized on some systems (for example Mac OS 10.11) so it is time to
update.

But I have many systems that use LDAP and updating all of them cannot be
done at once.

So I was wondering if it is possible to have one single slapd process
running with several posut open over SSL, keeping port 636 with the old
certificate and opening port 637 with the new certificate.

That way, i can transition the clients at my onw pace, not needing to do
all at same time.

I know that I could set-up a slave server, but that would be not as
transparent s0 I'd prefer my idea of havingslapd -h
ldaps://192.168.10.1:636/ ldaps:/192.168.10.1:637/ each using a
different certificate.

Thanks in advance,

Olivier
--

Follow-Ups:
- Re: Multiple certificates in slapd
  - From: Jarbas Peixoto Júnior <jarbas.junior@gmail.com>

Prev by Date: Re: questions about memberof-refint option
Next by Date: RE: Getting around the single-threaded syncrepl model?
Index(es):
- Chronological
- Thread