[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problem connecting using TLS

You must have a copy of the CA cert on all client machines, as stated in the

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Robert

> On Mon, 2003-10-20 at 16:10, Howard Chu wrote:
> > Wrong. You need to use "tls_cacert" for the CA cert, not "tls_cert".
> >
> > tls_cert is for a client certificate, which as Dieter says,
> > you don't have.

> Thanks to you both. So, I can either have tls_cacert pointing to the
> cacert of the server -OR- tls_cert with a generated client cert signed
> by the server CA? I would prefer the latter so as not to have to
> generate a client cert for all machines that need to communicate using
> TLS.
> --
> Robert