[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replica (ldap slave server) certificates (SSL/TLS). Are clients certificates needed?



Hi!
I've followed openldap.org's guide and ldap works great with TLS/SSL with authentication in server and clients. Now I have added a LDAP replica (ldap slave server), and I have some questions:
- In the clients I had to make the certs with the server certificate (cacer.pem) of the master, because I check the server certificate, and also check the clients in the server. Now that I have a replica, I have to make others certs with the server certificate of the slave server (and how can I show two certificates to ldap.conf)?? (I followed this (http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.3) Or with the certificates made from server certificates its sufficient??

>Step 1 and 2: Do nothing ... the CA does not need to be created again. The plan is to use the same CA certificate to sign the client certificate.