[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS client certificate pb

To: "'Francois Beretti'" <francois.beretti@enatel.com>, "'Liste OpenLDAP Software'" <openldap-software@OpenLDAP.org>
Subject: RE: TLS client certificate pb
From: "Howard Chu" <hyc@highlandsun.com>
Date: Tue, 4 Mar 2003 05:15:30 -0800
Importance: Normal
In-reply-to: <1046780118.812.16.camel@linux-integ>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Francois Beretti

> I still haven't found how to have tls working with client certificate
> verification...
>
> Is it required for this to use SASL EXTERNAL ?

Yes, you must have a client certificate to use SASL EXTERNAL with SSL/TLS.

> I want to try SASL EXTERNAL, but I need some clarification...
> How does the server map the client certificate with the dn used to
> authenticate ? Where do the certificates have to be stored ? (and do
> they have to be stored ? )

Read the F'ine manual already. http://www.openldap.org/doc/admin21/

Amazing, people complain that there's no documentation, and then when we take
the time to write the docs nobody reads them. It all seems like wasted
effort.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- RE: TLS client certificate pb
  - From: Francois Beretti <francois.beretti@enatel.com>
- RE: TLS client certificate pb
  - From: Tony Earnshaw <tonni@billy.demon.nl>
- RE: TLS client certificate pb
  - From: "Mark H. Wood" <mwood@IUPUI.Edu>

References:
- Re: TLS client certificate pb
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: make test fails
Next by Date: Re: make test fails
Index(es):
- Chronological
- Thread