
Multiple certificates in slapd



Hi,

I am planning a transition of the certificate I use in OpenLDAP for LDAP
over SSL (port 636).

My self-signed certificate is quite old and has become obsolete/not
recognized on some systems (for example Mac OS 10.11) so it is time to
update.

But I have many systems that use LDAP and updating all of them cannot be
done at once.

So I was wondering if it is possible to have one single slapd process
running with several ports open over SSL, keeping port 636 with the old
certificate and opening port 637 with the new certificate.

That way, I can transition the clients at my own pace, not needing to do
all at the same time.

I know that I could set up a slave server, but that would not be as
transparent, so I'd prefer my idea of having slapd -h
ldaps://192.168.10.1:636/ ldaps://192.168.10.1:637/ each using a
different certificate.

Thanks in advance,

Olivier
--