[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS & Slurpd & SelfSigned certs

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: TLS & Slurpd & SelfSigned certs
From: Luca Filipozzi <lucaf+openldap@ece.ubc.ca>
Date: Tue, 1 Apr 2003 20:37:00 -0800
Content-disposition: inline
In-reply-to: <003e01c2f8cf$5f585b60$64070786@synack>
Organization: UBC Electrical & Computer Engineering
References: <003e01c2f8cf$5f585b60$64070786@synack>
User-agent: Mutt/1.5.4i

On Wed, Apr 02, 2003 at 12:21:42PM +0800, David Shirley wrote:
> When slurpd talks to the slave it throws:
> "TLS certificate verification: Error, self signed certificate"

What works for me is to create my own Certificate Authority and sign my
ldap server certs/keys with that CA cert/key.

Then, I tell my ldap servers about my CA cert:

TLSCACertificateFile    /etc/openldap/CA.example.com.crt
TLSCertificateFile      /etc/openldap/host.example.com.crt
TLSCertificateKeyFile   /etc/openldap/host.example.com.key

Luca

-- 
Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D

References:
- TLS & Slurpd & SelfSigned certs
  - From: "David Shirley" <dave@cs.curtin.edu.au>

Prev by Date: how to use slurpd to copy a subtree
Next by Date: Re: Using LDAP for User authentication
Index(es):
- Chronological
- Thread