[Date Prev][Date Next]
Re: Question about LDAP and SSL.
On Wednesday, 7 July 2010 23:06:40 Bryan Boone wrote:
> Hi everyone. I am kinda a noob to OpenLDAP and SSL for that matter.
> I am writting a web page that resides on a special piece of proprietary
> hardware (not a PC) that I need authentication for (running linux with
> apache server). I would like LDAP to be one of the authentication methods
> (this hardware will be a LDAP client) when a customer logs into the web
> page of my device. Of course I need this to support LDAP with SSL.
> I went to the openldap website and found the directions to create and
> generated the SSL certs and installed them in openLDAP (3 total). There
> is the server cert and key, and then the client cert.
> You know how when connecting to a https:// website IE, or firefox will
> prompt you if you want to accept the SSL certificate (if the cert is not
> signed by a CA)? Does openldap provide a mechanism that will accomplish
> the same thing (automatic client cert acceptance)?
> Or will I need to
> provide a way on my hardware where the customer can manualy upload his/her
> client cert to the device?
If you want SSL cert validation, you must either ship with the CA certs you
want, or provide a means to upload a CA cert.