Re: ssl ldap certs...



At 06:01 AM 11/3/2004, Ronan wrote:
>I am writing an LDAP client to connect to an Active Directory server over SSL. I have installed the certificate on the server, but from reading the documentation I need a client certificate as well.

You only need a client certificate if you want the server
to authenticate the client.  However, the client needs
information to verify the server's certificate.  Commonly,
CA information is provided.

Anyway, OpenLDAP client libraries (which I assume you are using)
use OpenSSL, including for certificate management.  Hence,
you should get openssl(1) working first.  Then apply the
OpenSSL details to your OpenLDAP configuration.

The remainder of your posts discusses stuff outside the scope
of this list (such as how to convert non-OpenSSL key/cert
databases for use in OpenSSL-based applications).  Discussion
of how to do such conversions seems more appropriate
on an OpenSSL list (e.g., <openssl-users@openssl.org>).

Kurt
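
The order the reply recommends (get openssl(1) to verify the server certificate first, then carry the same CA information into the OpenLDAP client configuration), as an added example that is not part of the original message. The CA, certificates, the host name dc.example.com and all paths are constructed for illustration; TLS_CACERT and TLS_REQCERT are ldap.conf(5) options.

```shell
#!/bin/sh
# Added example. The CA, certificates, host name and paths are constructed.
WORK=$(mktemp -d)

# Throwaway CA plus a server certificate it signs, standing in for the CA
# that issued the directory server's certificate.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc.example.com" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
        -out "$WORK/srv.pem" 2>/dev/null
}

# Step 1: get openssl(1) to accept the server certificate.
verify_with_ca() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/srv.pem" >/dev/null 2>&1
}

# Same check against the default trust store only (demo CA is not in it).
verify_without_ca() {
    openssl verify "$WORK/srv.pem" >/dev/null 2>&1
}

# Step 2: carry the same CA file into the OpenLDAP client configuration.
write_ldaprc() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$WORK/ca.pem" > "$WORK/ldaprc"
}

make_demo_pki || { echo "openssl setup failed" >&2; exit 1; }
if verify_with_ca; then echo "with CA file: verified"; fi
if verify_without_ca; then echo "without CA file: verified (unexpected)"
else echo "without CA file: rejected"; fi
write_ldaprc && cat "$WORK/ldaprc"

# Against a live server the equivalents would be (host name is a placeholder):
#   openssl s_client -connect dc.example.com:636 -CAfile ca.pem
#   LDAPCONF=./ldaprc ldapsearch -H ldaps://dc.example.com -x -b "" -s base
```

No client certificate or key appears anywhere in this setup: the client side only needs the CA file to verify the server.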