[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenSSL usage?

If you intend to use OpenSSL to establish your own Certificate Authority,
you should start
by looking at the documentation on www.openssl.org. There are mailing lists
for help using the OpenSSL tools referenced on that site.

You will need the certificate from your Certificate Authority as well as
your own server certificate.

There are a number of relevant config options for setting up the
certificate. You can see how they work in slapd/config.c.

The bare minimum:
TLSCertificateFile  /path/to/server/certificate.pem
TLSCertificateKeyFile	/path/to/server/privatekey.pem
TLSCACertificateFile	/path/to/certificateAuthority/certificate.pem

If you want to require clients to supply a client cert, you can add
TLSVerifyClient 1

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jim Hud
> Sent: Wednesday, October 11, 2000 5:35 AM
> To: openldap-software@OpenLDAP.org
> Subject: OpenSSL usage?
> I am trying to setup openldap-2.0.6 and OpenSSL-0.9.6
> Can anyone point me in the right direction, how do I create the server
> certificate and configure slapd to use it?
> Any other points, if/when I get it to work I will write a faq on it.