[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL Certificate

To: Turbo Fredriksson <turbo@bayour.com>
Subject: Re: CRL Certificate
From: Howard Chu <hyc@symas.com>
Date: Tue, 07 Nov 2006 10:23:16 -0800
Cc: openldap-software@openldap.org
In-reply-to: <87u01bbv0k.fsf@pumba.bayour.com>
References: <87u01bbv0k.fsf@pumba.bayour.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061029 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

Turbo Fredriksson wrote:

I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...

In my slapd.conf's I have:

TLSCACertificateFile    /etc/ldap/cacert.pem
TLSCertificateFile      /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile   /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient         try

Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere.


Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: CRL Certificate
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- CRL Certificate
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: Speed of slapadd for BDB on a Linux machine
Next by Date: Re: Speed of slapadd for BDB on a Linux machine
Index(es):
- Chronological
- Thread