[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server

To: marc.bigler@day.com
Subject: Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 23 Mar 2003 15:29:47 -0800
Cc: Mitrana Cristian <cmitrana@xnet.ro>, openldap-software@OpenLDAP.org
In-reply-to: <OFA25B925A.05CBDB4F-ONC1256CF2.007BB9CE@day.com>

At 02:31 PM 3/23/2003, marc.bigler@day.com wrote:

>>See http://www.openldap.org/faq/data/cache/185.html for the requirements
>>of using TLS/SSL in the 2.1 version, as you have noticed the behaviour
>>of the library has slightly changed in this regard.
>
>Many thanks, that was exactly my problem and I could solve it reading this
>FAQ, I didn't know OpenLDAP 2.1.x requires the CA certificate.

Actually, OpenLDAP 2.1 does NOT require a CA certificate.  It
requires knowledge that the signing certificate is valid.  If you
have a self-signed certificate, then it must have direct knowledge
that the certificate is valid.  This is done by placing a copy
of the certificate where OpenSSL looks for CA certificates.

(don't confuse a self signed certificate with a certificate
signed by self-signed CA certificate.... those are also supported).

>Now another question I generated a new certitificate using the FAQ but
>unfortunately it only does a 365 days cert, I would be interested in
>genrating a 3650 (10 years) cert, so I added -days 3650 to the openssl
>command but then when I run "CA.sh -sign" it only sees 1 year. Am I missing
>something ?

Suggest you direct openssl questions to the openssl list.

References:
- Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server
  - From: marc.bigler@day.com

Prev by Date: Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server
Next by Date: Ldap with kerberos
Index(es):
- Chronological
- Thread