[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Self signed certificates, does it work with symas binaries

The Symas 1.1.x binaries are built from OpenLDAP 2.1.5 source and
incorporate OpenSSL 0.9.6g. As such, self-signed certificates are supported,
but we discourage their use, as they nullify many of the security advantages
of TLS.

CA-signed certificates work just fine (the CA cert is the only self-signed
certificate in the system), and the CA.sh utility will do the right things
to produce certificate and key pairs, be it for the CA itself, for the slapd
server, or for a client. At a minimum you will have to copy the CA cert to
each ldap client node (we suggest the path /opt/symas/ssl/cacert.pem) and
then specify the certificate's pathname in the ldap.conf file.

The use and configuration of OpenLDAP with TLS is discussed in the OpenLDAP
Administrator's guide (http://www.openldap.org/doc/admin21). The relevant
section is http://www.openldap.org/doc/admin21/tls.html . If you need to
refer to the source, all of the source code that went into CDS 1.1.x,
including bug-fixes, is available for reference at
http://www.symas.net/download/connexitor/cds/source . Alternatively, Symas
offers a configuration service for a nominal fee that is designed to help
new users get over the difficulties of an initial OpenLDAP deployment.

Matthew Hardin
Symas Corporation

Symas: Premier Open Source Development and Support

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Pravin Joshi
Sent: Monday, October 14, 2002 7:47 AM
To: 'openldap-software@OpenLDAP.org'
Subject: Self signed certificates, does it work with symas binaries

Does self signed certificates works with symas binaries (under sunos 5.8)?
If yes, can anybod specify the steps to configure it? Please reply.

Thanks & Regards
Pravin Joshi