[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd over SSL

--On Thursday, November 20, 2003 12:56 PM +0300 Mark <mark@rusautogaz.ru> wrote:

# need to be changed - specific to server
# this is specific to HOSTNAME.stanford.edu
TLSCertificateFile      /etc/ldap/HOSTNAME.cert
TLSCertificateKeyFile   /etc/ldap/HOSTNAME.key
TLSCACertificateFile    /etc/ldap/comodo-full.pem

Is HOSTNAME.cert HOSTNAME.key comodo-full.pem in MASTER's slapd.conf
differs from same files on
REPLICA slapd.conf file?

HOSTNAME is just a variable placeholder for our installation script. When it is on a system, it will be something like ldap0.cert and ldap0.key, specific to the name of the host. Each host has its own cert. So, the cert on the master and replica's does differ. The comodo-full.pem is exactly the same on each system, and is simply the authority chain for our cert provider.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html