[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tsl troubles

To: SUBREDU Manuel <diablo@iasi.roedu.net>
Subject: Re: tsl troubles
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 04 Sep 2004 13:06:20 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <413A1A25.3010207@iasi.roedu.net>
References: <413985BD.7060704@iasi.roedu.net> <6.1.2.0.0.20040904112744.048c6cd0@127.0.0.1> <413A0D38.6060503@iasi.roedu.net> <6.1.2.0.0.20040904120027.0499c3a8@127.0.0.1> <413A1A25.3010207@iasi.roedu.net>

At 12:40 PM 9/4/2004, SUBREDU Manuel wrote:
>Kurt D. Zeilenga wrote:
>>At 11:45 AM 9/4/2004, SUBREDU Manuel wrote:
>>This doesn't require client certificates, just an server certificate.
>>A client certificate would only be needed if the LDAP client desired
>>to use TLS-based client authentication.
>
>Hmmm .. you are saying that the client can connect to the server using _just_ the server certificate ?

TLS, without client-authentication, normally involves (as discussed
in the Admin Guide "Using TLS" chapter):
  1) creation of a server certificate, via certificate (e.g., OpenSSL) tools
  2) configuration of the server (e.g., slapd.conf(5)) to use the server certificate
  3) configuration of the client (e.g., ldap.conf(5)) with knowledge (e.g., the
     CA certificate) needed to verify the server's certificate.

Kurt

Follow-Ups:
- Re: tsl troubles
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: tsl troubles
  - From: SUBREDU Manuel <diablo@iasi.roedu.net>

References:
- tsl troubles
  - From: SUBREDU Manuel <diablo@iasi.roedu.net>
- Re: tsl troubles
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: tsl troubles
  - From: SUBREDU Manuel <diablo@iasi.roedu.net>
- Re: tsl troubles
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: tsl troubles
  - From: SUBREDU Manuel <diablo@iasi.roedu.net>

Prev by Date: Re: tsl troubles
Next by Date: Re: tsl troubles
Index(es):
- Chronological
- Thread