[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS headache

To: openldap-software@OpenLDAP.org
Subject: Re: TLS headache
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 16 Jun 2003 12:13:41 -0700
Content-disposition: inline
In-reply-to: <m31xxtev9t.fsf@marin.l4b.de>
References: <3EEDB06E.F0720745@fadesa.es> <m31xxtev9t.fsf@marin.l4b.de>

--On Monday, June 16, 2003 8:23 PM +0200 Dieter Kluenter <dieter@dkluenter.de> wrote:

Hi,

"José M. Fandiño" <ldap@fadesa.es> writes:

Hello,

I'm trying to make a TLS conection work between ldap clients and slapd
but I always get a ssl error. The configuration can't be simpler
I'm using a self-issued certificate.

please, can anyone tellme what's wrong with my configuration?


Openssl requires a trusted certificate on each host, therefor you have
to make a CA certifcate (cacert.pem) available to your client
applications. See the openssl FAQ.

I have to say that after wrestling with self-signed certs in OpenLDAP for a few months (I did get it to work), I gave up on the whole thing and went to verisign certs because it was much less of a headache.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- TLS headache
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: TLS headache
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: TLS headache
Next by Date: Problem with the creation of slapd.replog
Index(es):
- Chronological
- Thread