[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help SSL on Openldap and java

To: openldap-technical@openldap.org
Subject: Re: help SSL on Openldap and java
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 28 May 2010 10:02:30 +0200
In-reply-to: <AANLkTimZNjiNu7i8CIWzrTM6LtDxntsOwcOfTG38CvW5@mail.gmail.com> (s. g.'s message of "Thu, 27 May 2010 16:39:22 -0700")
References: <AANLkTimZNjiNu7i8CIWzrTM6LtDxntsOwcOfTG38CvW5@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

s g <sirisha.kmb@gmail.com> writes:

>     Our requirement is that we need to test if a server certificate from
>     Openldap server is valid and then upload to our trust store and use the
>     certificate for further communications using SSL to the ldap server.
>     I configured Openldap for SSL as per the Openldap admin guide - generated
>     the 3 certificates cacert.pem,servercert.pem and serverkey.pem and put the
>     corresponding entries in slapd.conf file. My assumption is cacert.pem is
>     the file for the CA,servercert.pem is the server certificate file(?!) and
>     the serverkey.pem is the file containing the private key to the server.
>     After configuring my client ldap.conf file to point to cacert.pem as per
>     the following directives -
>    
>     TLS_CACERTDIR <path to my cacert.pem file>
>     TLS_REQCERT hard
[...]

I would recommend to use TLS_CACERT <path to cacert.pem>
The parameter CACERTDIR requires the CA's in this directory to be
hashed. 

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- help SSL on Openldap and java
  - From: s g <sirisha.kmb@gmail.com>

Prev by Date: Re: memberOf attributes not working through slapd-ldap backend
Next by Date: Replication problem - segfault
Index(es):
- Chronological
- Thread