Re: Replica (ldap slave server) certificates (SSL/TLS). Are clients certificates needed?
----- "Alberto GD" <firstname.lastname@example.org> wrote:
> I've followed openldap.org's guide and ldap works great with TLS/SSL
> with authentication in server and clients. Now I have added a LDAP
> replica (ldap slave server), and I have some questions:
> - In the clients I had to make the certs with the server certificate
> (cacer.pem) of the master, because I check the server certificate, and
> also check the clients in the server. Now that I have a replica, I
> have to make others certs with the server certificate of the slave
> server (and how can I show two certificates to ldap.conf)?? (I
> followed this (
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.3 ) Or with the
> certificates made from server certificates it's sufficient??
> >Step 1 and 2: Do nothing ... the CA does not need to be created
> again. The plan is to use the same CA certificate to sign the client

For all server and client certs you have created or will create, just sign them
all with the CA cert you created and make sure all servers and clients get a copy
of the CA cert. That's all you need to do.

OpenLDAP Engineering Team.
Community developed LDAP software.
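
The advice in the reply above, worked through with the openssl CLI as an added example that is not part of the original thread. Host names, file names, the 30-day lifetime and the second "otherca" counter-case are constructed for illustration; it shows that one CA file validates the master, the replica and a client, while a replica certificate issued by a different CA is rejected.

```shell
#!/bin/sh
# Added example (not from the original thread). Host names, file names and
# the 30-day lifetime are constructed for illustration.
set -eu
WORK=$(mktemp -d)

make_ca() {      # $1 = name prefix for the CA key/cert pair
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = subject CN (server FQDN or client name)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

verify_cert() {  # $1 = CA prefix, $2 = cert CN; status 0 when the chain validates
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca cacert                      # the single CA, created once
for cn in master.example.com replica.example.com client1; do
  issue_cert cacert "$cn"           # every server and client cert signed by it
done

make_ca otherca                     # counter-case: replica cert from a second CA
issue_cert otherca stray-replica.example.com

for cn in master.example.com replica.example.com client1 stray-replica.example.com; do
  if verify_cert cacert "$cn"; then echo "$cn: trusted via cacert.pem"
  else echo "$cn: NOT trusted via cacert.pem"; fi
done
# Clients then need only one ldap.conf line, whichever server they reach:
#   TLS_CACERT /path/to/cacert.pem
```

Each server certificate's subject name still has to match the host name clients use to connect to that server.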