[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cetificate issue with ldaps

>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem
>My issue is that the ssl connexion still works if i comment  the line with
>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem.
>and it should not because without this certificate authority my openldap
proxy should not be able to >check the certificate sent by the backend ldap.
>TLS certificate verification: Error, self signed certificate in certificate
>but it works with this error.

You must have your root CA -> selfsigned after you create
- CA and key for your LDAP server
- CA anad key for client

both  CA(client,server) you must sign by your CA root certificate