[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL Certificate

To: Turbo Fredriksson <turbo@bayour.com>, openldap-software@openldap.org
Subject: Re: CRL Certificate
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 07 Nov 2006 13:55:28 -0800
Content-disposition: inline
In-reply-to: <87zmb3ymcs.fsf@pumba.bayour.com>
References: <87u01bbv0k.fsf@pumba.bayour.com> <4550CF14.9000603@symas.com> <87zmb3ymcs.fsf@pumba.bayour.com>

--On Tuesday, November 07, 2006 10:32 PM +0100 Turbo Fredriksson <turbo@bayour.com> wrote:

Quoting Howard Chu <hyc@symas.com>:

Turbo Fredriksson wrote:

I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...
In my slapd.conf's I have:
TLSCACertificateFile    /etc/ldap/cacert.pem
TLSCertificateFile      /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile   /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient         try
Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere.

Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.


Doesn't exist in man manual. When did that come? I'm running OpenLDAP
v2.2.28.

I'm guessing 2.3, since it is the man page there. You may want to consider upgrading.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: CRL Certificate
  - From: Donn Cave <donn@u.washington.edu>

References:
- CRL Certificate
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: CRL Certificate
  - From: Howard Chu <hyc@symas.com>
- Re: CRL Certificate
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: CRL Certificate
Next by Date: Re: CRL Certificate
Index(es):
- Chronological
- Thread