[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tsl troubles

Kurt D. Zeilenga wrote:
At 12:40 PM 9/4/2004, SUBREDU Manuel wrote:

Kurt D. Zeilenga wrote:

At 11:45 AM 9/4/2004, SUBREDU Manuel wrote:
This doesn't require client certificates, just an server certificate.
A client certificate would only be needed if the LDAP client desired
to use TLS-based client authentication.

Hmmm .. you are saying that the client can connect to the server using _just_ the server certificate ?

TLS, without client-authentication, normally involves (as discussed
in the Admin Guide "Using TLS" chapter):
  1) creation of a server certificate, via certificate (e.g., OpenSSL) tools
  2) configuration of the server (e.g., slapd.conf(5)) to use the server certificate
  3) configuration of the client (e.g., ldap.conf(5)) with knowledge (e.g., the
     CA certificate) needed to verify the server's certificate.

thanks a lot. that means I didn't read the documentation carefully enough.