[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: CA and Intermediate Certificates

It's a matter of preference.
Those 'huge clunky files' are easy to parse from the command line. When it's time to renew the cert, I can simply update the parts that were updated (usually just the host cert) rather than having to generate a new hash.

I understand where you're coming from, but I prefer this way. It really is easier to trace/fix/replace.

Or perhaps I'm misunderstanding you.

- chris

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Thursday, August 14, 2014 11:17 AM
To: Chris Jacobs; Andrew Devenish-Meares; openldap-technical@openldap.org
Subject: RE: CA and Intermediate Certificates

--On Thursday, August 14, 2014 10:22 AM -0700 Chris Jacobs <Chris.Jacobs@apollo.edu> wrote:

># grep TLS.*File slapd.conf
> TLSCACertificateFile    /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile      /etc/openldap/cacerts/servercrt.pem
> TLSCertificateKeyFile   /etc/openldap/cacerts/serverkey.pem

Or just use TLSCACertificatePath and hash the CA certs, rather than using huge clunky files...



Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.