[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and SSL

--On Mittwoch, 15. August 2001 11:33 +0200 Geert Van Muylem <Geert.Van.Muylem@SKYNET.BE> wrote:


I've configured my LDAP server (2.0.11) to work with SSL
(used OpenSSL to create the necessary certificates and keyfile)

Can I use the Netscape C SDK to write a client application that works with SSL and OpenLDAP?

Yes, but mind the difference of StartTLS and LDAPS. Only latter is supported by the Netscape SDK. Thus you need to start slapd with "slapd -h ldaps:///"

How do I create this cert7.db?
Is there a tool for it?
In case of certificate based client authentication, how do I create this
key database?

The easiest way is to use Netscape Navigator. To get the server cert into the database, goto URL "https://ldapserver:636/";. The cert7.db can then be found in ~/.netscape. Same for certificate based auth. Import your pkcs12 file in Navigator and then use ~/.netscape/key3.db.

Norbert Klasen
DAASI International GmbH                 phone: +49 7071 2970336
Wilhelmstr. 106                          fax:   +49 7071 295114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de