
RE: TLS fails



That makes sense, as I am using the self-signed method described in section
4.1. The problem I have is I am on Fedora Core 4 and there is no CA.sh
script like described in section 4.2, which I imagine would make things
happy. I assume there is a manual way to do this without the script. If
anyone has a link to a HowTo to set up a CA in Fedora without the CA.sh
script, I would be most appreciative. In the meantime, it is off to Google.

Thanks!
________________________________________
Chip Burke


-----Original Message-----
From: Jon Roberts [mailto:jon@jonanddeb.net] 
Sent: Friday, February 03, 2006 2:01 PM
Cc: Chip Burke; OpenLDAP-software@OpenLDAP.org
Subject: Re: TLS fails

Aaron Richton wrote:
> Sounds like you're on the right track with the server. But I see no note
> of using ldap.conf or .ldaprc to set TLS_CACERT directive for your client.
> See ldap.conf(5).

For a local CA, you will also want the line:

TLSCACertificateFile /path/to/your/cacert.pem

in your slapd.conf file. The error message you are getting indicates 
that you are not finding the CA for verification.

Jon Roberts
www.mentata.com
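
Added example, not part of the original messages: one way to build a local CA and a server certificate by hand with the `openssl` command instead of the CA.sh script, and to see the "CA not found" failure from the thread disappear once the CA certificate is supplied. The function names, the subject names (`Example Local CA`, `ldap.example.com`) and the file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: a local CA built by hand with openssl instead of CA.sh.
# All names, subjects and file names here are constructed placeholders.

make_local_ca() {            # $1 = working directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # CA key plus self-signed CA certificate (the cacert.pem that clients must trust)
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

issue_server_cert() {        # $1 = working directory, $2 = server host name
    # Server key and signing request; the CN should be the name clients connect to
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/serverkey.pem" -out "$1/server.csr" 2>/dev/null || return 1
    # Sign the request with the CA key
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -CAserial "$1/ca.srl" -out "$1/servercert.pem" 2>/dev/null
}

verify_cert() {              # $1 = certificate, $2 = CA file (optional)
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'   # default trust store only
    fi
}

d=$(mktemp -d) && make_local_ca "$d" && issue_server_cert "$d" ldap.example.com
verify_cert "$d/servercert.pem" "$d/cacert.pem" && echo "with cacert.pem: verified"
verify_cert "$d/servercert.pem" || echo "without cacert.pem: issuer not found"
rm -rf "$d"
```

The resulting `cacert.pem` is the file that `TLSCACertificateFile` in slapd.conf and `TLS_CACERT` in the client's ldap.conf point to; `cakey.pem` is only needed for signing and should be kept readable by the CA owner alone.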