[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap and TLS issue

----- "Ivan Ordonez" <iordonez@nature.berkeley.edu> wrote:

> Looking at the debug log, it is expired. It puzzle me because the
> certs on the other two machine are working correctly.

Check their expiry dates with:

openssl x509 -in /usr/local/etc/openldap/ldap-slave_cert.pem -text
> Since this is the case (certificate expires), is it safe to create a
> new one for this machine?

Of course, then sign it with the cacert, something like:

./CA.sh -newreq
./CA.sh -sign

Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.