
Re: replication and tls

On Sat, 13 May 2006 22:53:21 -0300
"Francisco Saito" <fksaito@gmail.com> wrote:

> Add a clause:
> tls=critical after bindmethod=simple credentials=secret

It now works fine; I had generated certificates with the SSL-client flag
set, not the SSL-server flag. For future googlers: to check certs you
can use the following command:

$ openssl x509 -in ldapslave.example.com-cert.pem -purpose -noout
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No


It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
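
Added example, not part of the original message: a shell check built on the -purpose report shown above. It matches the "SSL server" row exactly, so the "SSL server CA" and "Netscape SSL server" rows cannot satisfy it. The function names and the client-only report are constructed for illustration.

```shell
#!/bin/sh
# purpose_allows NAME: read `openssl x509 -purpose -noout` output on stdin
# and succeed only if the row named exactly NAME has the plain value "Yes".
# Any other value, or a missing row, is treated as a failure.
purpose_allows() {
    awk -v want="$1" '
        {
            n = index($0, " : ")          # rows look like "SSL server : Yes"
            if (n == 0) next              # skip the "Certificate purposes:" header
            name = substr($0, 1, n - 1); val = substr($0, n + 3)
            sub(/^[ \t]+/, "", name); sub(/[ \t\r]+$/, "", val)
            if (name == want) { found = 1; ok = (val == "Yes") }
        }
        END { exit ((found && ok) ? 0 : 1) }
    '
}

# check_server_cert FILE: run the command from the message on FILE and
# require the "SSL server" purpose, which a TLS listener's certificate needs.
check_server_cert() {
    openssl x509 -in "$1" -purpose -noout | purpose_allows "SSL server"
}

# Constructed sample: report for a certificate issued with only the
# SSL-client flag, the mistake described in the message.
client_only_report() {
    cat <<'EOF'
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
EOF
}

# First rows of the working report quoted in the message.
server_report() {
    cat <<'EOF'
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
EOF
}
```

On a real file, `check_server_cert ldapslave.example.com-cert.pem || echo "not usable as a TLS server certificate"` gives a pass/fail result that can gate a deployment script.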