[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: [seeking help] unknown CA

To: Howard Chu <hyc@symas.com>, "'Tony Earnshaw'" <tonni@billy.demon.nl>, openldap-software@OpenLDAP.org
Subject: RE: [seeking help] unknown CA
From: Ben Kim <bkim@edsun.coe.tamu.edu>
Date: Mon, 29 Sep 2003 00:46:06 -0500 (CDT)
In-reply-to: <00b601c38649$8e961180$8601a8c0@CELLO>

Great thanks to Tony and Howard!!!

I added 
	TLS_CACERT /usr/local/ssl/certs/ca-bundle.crt
to the ldap.conf and it now works like magic. Hope this is the correct
method? Thanks.

Regards,
Ben

> RedHat's openldap rpms are extremely old, they still ship OpenLDAP 2.0.25.
> The OpenLDAP 2.0 client library didn't do certificate verification by
> default, which is why your Linux install "works" without any CA cert
> configuration. It is working, but it's not providing any real security. Set
> the TLS_CACERT in the OpenLDAP ldap.conf file. Don't use TLS_CACERTDIR unless
> you've read the OpenLDAP Admin Guide and the OpenSSL docs and actually know
> what you're doing.

References:
- RE: [seeking help] unknown CA
  - From: "Howard Chu" <hyc@symas.com>

Prev by Date: Re: slapd dies sliently
Next by Date: RE: sasl
Index(es):
- Chronological
- Thread