Re: Problem verifying self signed certificate
On Mon, 5 Sep 2005, Howard Chu wrote:
> Date: Mon, 05 Sep 2005 03:29:23 -0700
> From: Howard Chu <firstname.lastname@example.org>
> To: Villy Kruse <email@example.com>
> Cc: Kurt D. Zeilenga <Kurt@OpenLDAP.org>, Peter Marschall <firstname.lastname@example.org>,
> James Wilde <email@example.com>,
> Subject: Re: Problem verifying self signed certificate
> Villy Kruse wrote:
> > On Sun, 4 Sep 2005, Kurt D. Zeilenga wrote:
> > > At 08:45 AM 9/4/2005, Peter Marschall wrote:
> > >
> > > > AFAIK this is expected behaviour as you cannot use a self-signed server
> > > > certificate with openLDAP.
> > > >
> > > Have you examined the certificate at ldap.openldap.org?
> > > It's a self-signed certificate.
> > A self signed certificate cannot be verified. For that you will need
> > the certificate to be signed by a trusted CA. However, a self-signed
> > certificate can be used to establish an encrypted connection.
> I don't believe that statement helps in any way to clarify the situation. A
> cert that is signed by a trusted CA is by definition *not* a self-signed cert.
And the fact that the web site for https://www.openldap.org has a self signed
certificate isn't very relevant either. The client (the web browser) should
complain, but usually the user is allowed to trust the certificate.
> Note (again, and again, and again...) that "self-signed" does not mean "a
> certificate that I created by myself." It means "a certificate that was not
> signed by a separate certificate authority."
I wouldn't use that word in any other meaning. Perhaps the word was
used in a different meaning in the Subject line; I didn't think about that.
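
The following is an added example, not part of the thread or of any participant's message. It shows what a verifier does with a certificate whose issuer is its own subject: validation fails when no trust anchor covers it and succeeds once the certificate itself is supplied as the trust anchor. The CN `ldap.example.test`, the file names and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo; the CN, paths and function names are assumptions.

# Create a throwaway key and a certificate signed with that same key.
make_self_signed() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when the subject and issuer names are identical (name check only;
# the signature itself is checked by verify_pinned below).
is_self_issued() {  # $1 = certificate
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Validate against the default trust store only: the new certificate is
# not in it, so this is expected to fail.
verify_untrusted() { openssl verify "$1" >/dev/null 2>&1; }

# Validate with the certificate itself supplied as the trusted root.
verify_pinned() { openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; }

demo() {
    d=$(mktemp -d) || return 1
    make_self_signed "$d" || { rm -rf "$d"; return 1; }
    is_self_issued "$d/cert.pem" && echo "subject == issuer"
    verify_untrusted "$d/cert.pem" || echo "no trust anchor: rejected"
    verify_pinned "$d/cert.pem" && echo "cert as trust anchor: OK"
    rm -rf "$d"
}

demo
```

For an OpenLDAP client, the counterpart of `-CAfile` here is the `TLS_CACERT` setting in `ldap.conf`.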