[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL Certificate

--On Tuesday, November 07, 2006 10:32 PM +0100 Turbo Fredriksson <turbo@bayour.com> wrote:

Quoting Howard Chu <hyc@symas.com>:

Turbo Fredriksson wrote:
I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...
In my slapd.conf's I have:
TLSCACertificateFile    /etc/ldap/cacert.pem
TLSCertificateFile      /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile   /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient         try
Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere.

Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.

Doesn't exist in man manual. When did that come? I'm running OpenLDAP v2.2.28.

I'm guessing 2.3, since it is the man page there. You may want to consider upgrading.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html