Re: Problems using OpenLDAP 2.1 client libraries to connect to OpenLDAP 2.0 server
At 02:31 PM 3/23/2003, firstname.lastname@example.org wrote:
>>See http://www.openldap.org/faq/data/cache/185.html for the requirements
>>of using TLS/SSL in the 2.1 version, as you have noticed the behaviour
>>of the library has slightly changed in this regard.
>Many thanks, that was exactly my problem and I could solve it by reading this
>FAQ. I didn't know OpenLDAP 2.1.x requires the CA certificate.
Actually, OpenLDAP 2.1 does NOT require a CA certificate. It
requires knowledge that the signing certificate is valid. If you
have a self-signed certificate, then it must have direct knowledge
that the certificate is valid. This is done by placing a copy
of the certificate where OpenSSL looks for CA certificates.
(Don't confuse a self-signed certificate with a certificate
signed by a self-signed CA certificate; those are also supported.)
>Now another question: I generated a new certificate using the FAQ but
>unfortunately it only does a 365 days cert. I would be interested in
>generating a 3650 (10 years) cert, so I added -days 3650 to the openssl
>command but then when I run "CA.sh -sign" it only sees 1 year. Am I missing
Suggest you direct openssl questions to the openssl list.
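
The trust behaviour described in the reply above, as an added example that is not part of the original message: a self-signed certificate fails verification until a copy of it is placed in the directory OpenSSL searches for trusted certificates. The host name `ldap.example.org`, the file names and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Names and paths are constructed.

# make_selfsigned DIR: sample key plus self-signed certificate, valid 3650 days.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=ldap.example.org" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1
}

# trust_cert CERT CADIR: place a copy of CERT in CADIR under the
# <subject-hash>.0 name OpenSSL uses when it searches a certificate directory.
trust_cert() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    cp "$1" "$2/$h.0"
}

# is_trusted CERT CADIR: true only if "openssl verify" reports CERT as OK.
# The output is matched so the check does not depend on exit-status conventions.
is_trusted() {
    openssl verify -CApath "$2" "$1" 2>&1 | grep -q ': OK$'
}

# demo: verify before and after the copy is put in place.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/certs"
    make_selfsigned "$d" || return 1
    is_trusted "$d/server.crt" "$d/certs" && echo "before: trusted" || echo "before: rejected"
    trust_cert "$d/server.crt" "$d/certs"
    is_trusted "$d/server.crt" "$d/certs" && echo "after: trusted" || echo "after: rejected"
    rm -rf "$d"
}

demo
```

On the OpenLDAP client side, the file or directory holding the trusted copy is named with the `TLS_CACERT` or `TLS_CACERTDIR` option in ldap.conf.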