
OpenLDAP/SSL and SSL Trust Chain?



I've now got OpenLDAP running over SSL/TLS provided by OpenSSL 0.9.6h
At the moment I've just got self signed certs, signed by the CA.pl
script that comes with OpenSSL. Therefore I need to tell OpenLDAP
clients the path to the TLS_CACERT in ~/ldap.conf . This works fine
for the command line utilities, but the LDAP client is a MacOSX machine,
and I see no easy way to add a TLS_CACERT to its Directory Services
client configuration.

I presume if I get a globally recognised cert and have a Verisign or
Thawte CA cert for the TLSCACertificateFile in ~/slapd.conf, then I can
forget about having to install the server certificate on the clients (be
they command line openldap or MacOSX directory services). Would that be
correct?

Thanks,

Paul
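The trust-chain question above can be checked on the command line with the same OpenSSL toolkit used to create the certificates. The script below is an added example, not part of the original message: it builds a private CA (the role CA.pl plays here), issues server certificates from it, and then performs the check an OpenLDAP client does when TLS_CACERT names that CA file, namely verifying the server's certificate against the trusted CA rather than against a copy of the server certificate. A second, untrusted CA shows what happens when a server presents a certificate the client's CA file does not cover. The host names, CA names and the temporary directory are constructed for the demo. With a publicly trusted CA the check is identical, except that the CA certificate already sits in the client's trust store; note that public CAs usually sign through an intermediate certificate, so the server must send that intermediate in the handshake for the client's chain to reach the root.

```shell
#!/bin/sh
# Added example, not from the original post: a private CA built with the
# openssl CLI, two server certificates, and the verification an LDAP client
# performs when TLS_CACERT points at the CA file. Directory, file names and
# subjects are constructed for this demo.
set -eu

# Make a self-signed CA named $2 in directory $1 (the job CA.pl does on the page).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Issue a server certificate for host $3, signed by CA $2, in directory $1.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$1/$3.csr" \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.pem" >/dev/null 2>&1
}

# What an OpenLDAP client does with TLS_CACERT=$1/$2.pem: build a chain from
# the server certificate $3 to a trusted CA. Prints "trusted" or "untrusted".
client_check() {
    if openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Build the demo: one CA the client is told about, one it is not.
setup_demo() {
    dir=$(mktemp -d)
    make_ca "$dir" demo-ca
    make_ca "$dir" other-ca
    issue_server_cert "$dir" demo-ca ldap1.example.com
    issue_server_cert "$dir" demo-ca ldap2.example.com
    issue_server_cert "$dir" other-ca rogue.example.com
    echo "$dir"
}

DEMO=$(setup_demo)
# Both servers signed by the trusted CA verify without shipping either
# server certificate to the client; a cert from an unknown CA does not.
echo "ldap1: $(client_check "$DEMO" demo-ca ldap1.example.com)"   # trusted
echo "ldap2: $(client_check "$DEMO" demo-ca ldap2.example.com)"   # trusted
echo "rogue: $(client_check "$DEMO" demo-ca rogue.example.com)"   # untrusted
```

The point for client configuration: the file named by TLS_CACERT (or its MacOSX equivalent) has to contain the issuing CA, not the server certificate, and once it does, every server certificate issued under that CA validates without touching the clients again. The same script run against a certificate from a CA the client does not know about reports "untrusted", which is the failure a client sees when the CA file is missing or points at the wrong issuer.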