[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question about LDAP and SSL.

On Wednesday, 7 July 2010 23:06:40 Bryan Boone wrote:
> Hi everyone.  I am kinda a noob to OpenLDAP and SSL for that matter.
> I am writting a web page that resides on a special piece of proprietary
>  hardware (not a PC) that I need authentication for (running linux with
>  apache server).  I would like LDAP to be one of the authentication methods
>  (this hardware will be a LDAP client) when a customer logs into the web
>  page of my device.  Of course I need this to support LDAP with SSL.
> I went to the openldap website and found the directions to create and
>  generated the SSL certs and installed them in openLDAP (3 total).  There
>  is the server cert and key, and then the client cert.
> You know how when connecting to a https:// website IE, or firefox will
>  prompt you if you want to accept the SSL certificate (if the cert is not
>  signed by a CA)?  Does openldap provide a mechanism that will accomplish
>  the same thing (automatic client cert acceptance)?


>  Or will I need to
>  provide a way on my hardware where the customer can manualy upload his/her
>  client cert to the device?

If you want SSL cert validation, you must either ship with the CA certs you 
want, or provide a means to upload a CA cert.