
Re: Problems with openldap2.1.4 and TLS/SSL



OpenLDAP 2.1 supports self-signed certificates... you just need
to tell the client how to verify it.

For example:
  env LDAPTLS_CACERT=/path/to/server.pem ldapsearch -x -s base \
        -H ldaps://ldap.openldap.org/

Kurt

At 06:54 AM 2002-09-24, Frank Swasey wrote:
>Today at 3:26pm, Mathias Meisfjordskar wrote:
>
>> > > openssl req -new -x509 -nodes -out server.pem -keyout server.pem
>> > > -days 365
>> >
>> > Aha! You generated a self-signed certificate. That doesn't work with
>> > OpenLDAP 2.1! You have to have a real certificate (something
>> > certified by a CA).
>>
>> Uhm... No, self-signed certificates should be just fine:
>
>The process you describe is not the same as what was done by the person
>I replied to.  You have created your own CA and then used it to sign a
>request.  He/She created a certificate and used it without having it
>signed by a CA.  See the difference?
>
>-- 
>Frank Swasey                    | http://www.uvm.edu/~fcs
>Systems Programmer              | Always remember: You are UNIQUE,
>University of Vermont           |    just like everyone else.
>                    === God Bless Us All ===
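Illustrating Kurt's point at the top of this thread, here is an added example that is not part of the original messages: it reproduces the kind of self-signed certificate Mathias generated and shows that the only thing standing between the client and a successful verification is a trust anchor, which is exactly what LDAPTLS_CACERT supplies. The script assumes only that the openssl command-line tool is installed; the hostname ldap.example.test, the working directory and the ldaps:// URL it prints are made up for the demonstration, and key and certificate are written to separate files rather than the single server.pem used in the thread. The openssl verify calls stand in for what ldapsearch does when it validates the server's certificate.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes only that the openssl CLI
# is installed. The hostname, paths and ldaps:// URL below are invented for
# the demonstration.

WORK="${TMPDIR:-/tmp}/selfsigned-demo.$$"

# The thread's command, with key and certificate split into two files and a
# fixed subject so it runs non-interactively. -x509 makes openssl sign the
# request with its own key, so issuer == subject: a self-signed certificate.
make_self_signed() {
    mkdir -p "$WORK" &&
    openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.pem" >/dev/null 2>&1
}

# Evidence that the certificate is self-signed: subject and issuer DN match.
# Returns 0 when they are identical.
is_self_signed() {
    subj=$(openssl x509 -in "$WORK/server.pem" -noout -subject)
    iss=$(openssl x509 -in "$WORK/server.pem" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# What a client with no trust anchor for this certificate sees: chain
# building ends at a self-signed certificate that is in no trust store, so
# verification fails (openssl reports it as a self-signed certificate error).
verify_with_default_trust() {
    openssl verify "$WORK/server.pem" >/dev/null 2>&1
}

# What LDAPTLS_CACERT=/path/to/server.pem does for ldapsearch: the server's
# own certificate becomes the trust anchor, so the chain (of length one) now
# terminates in a trusted certificate. Same file, now used on the client side.
verify_with_cert_as_ca() {
    openssl verify -CAfile "$WORK/server.pem" "$WORK/server.pem" >/dev/null 2>&1
}

cleanup() { rm -rf "$WORK"; }

main() {
    make_self_signed || { echo "openssl req failed"; return 1; }
    if is_self_signed; then
        echo "server.pem is self-signed (issuer == subject)"
    fi
    if verify_with_default_trust; then
        echo "unexpected: verified without a trust anchor"
    else
        echo "no trust anchor: verification fails (what the client sees by default)"
    fi
    if verify_with_cert_as_ca; then
        echo "with the certificate itself as CAfile: verification succeeds"
    fi
    echo "ldapsearch equivalent:"
    echo "  env LDAPTLS_CACERT=$WORK/server.pem ldapsearch -x -s base -H ldaps://ldap.example.test/"
    echo "persistent equivalent in ldap.conf: TLS_CACERT $WORK/server.pem"
}

main
cleanup
```

The distinction Frank draws (a private CA signing a request versus a certificate signing itself) does not change what the client must do: in both cases it needs the top of the chain as a trust anchor. With a private CA that anchor is the CA certificate; with a self-signed server certificate the anchor is the server certificate itself, which is why pointing LDAPTLS_CACERT (or TLS_CACERT in ldap.conf) at server.pem is enough.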