[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with openldap2.1.4 and TLS/SSL

To: Mathias Meisfjordskar <mathias.meisfjordskar@usit.uio.no>
Subject: Re: Problems with openldap2.1.4 and TLS/SSL
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Tue, 24 Sep 2002 09:54:47 -0400 (EDT)
Cc: Stefan Wurzinger <stefan.wurzinger@greengecko.org>, <OpenLDAP-software@OpenLDAP.org>
In-reply-to: <y6wfzvzecxt.fsf@dumbo.uio.no>

Today at 3:26pm, Mathias Meisfjordskar wrote:

> > > openssl req -new -x509 -nodes -out server.pem -keyout server.pem
> > > -days 365
> >
> > Aha! You generated a self-signed certificate. That doesn't work with
> > OpenLDAP 2.1! You have to have a real certificate (something
> > certified by a CA).
>
> Uhm... No, self-signed certificates should be just fine:

The process you describe is not the same as what was done by the person
I replied to.  You have created your own CA and then used it to sign a
request.  He/She created a certificate and used it without having it
signed by a CA.  See the difference?

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===

Follow-Ups:
- Re: Problems with openldap2.1.4 and TLS/SSL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: Problems with openldap2.1.4 and TLS/SSL
  - From: Mathias Meisfjordskar <mathias.meisfjordskar@usit.uio.no>

Prev by Date: Re: Problems with openldap2.1.4 and TLS/SSL
Next by Date: Re: Problems with openldap2.1.4 and TLS/SSL
Index(es):
- Chronological
- Thread