[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SSL/TLS server certificate


It worked fine when I set the TLS_CACERT and CACERTDIR.

I've when question more.
If I want to use two OpenLDAP Servers, I must place the both CA certificates
to access each one on the client. But I can only specify one CA certificate
file in ldap.conf. Is it the solution to store both CA certificates in the
same file or is there a way around to use two CA certificates files without
having to change all the time the ldap.conf file each time I want to access
a different server?

My thanks,
Jorge Ruão

Jorge Ruão:

> Is there any tls configuration needed? What can be wrong?

Yes, obviously. You have to copy the server CA certificate onto the
client and tell the client where it is. For this you use Openldap's
ldap.conf (the one in /etc/openldap or /usr/local/etc/openldap, not the
one in /etc). 'man ldap.conf', look for TLS OPTIONS, add TLS_CACERT
/path/to/cert. You'll see that instead of ldap.conf you can use ldaprc
or .ldaprc.



We make out of the quarrel with others rhetoric
but out of the quarrel with ourselves, poetry.

mail: billy - at - billy.demon.nl