[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd, GNUTLS on Debian/Squeeze

On Fri, May 20, 2011 at 6:50 AM, David Dumortier <d.dumortier@free.fr> wrote:
> I generated a self-signed certificate with these options :
> certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key
> certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile
> /etc/ldap/ssl/mycsr.csr
> Here is my slapd conf :
> olcTLSVerifyClient: demand
> olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr
> olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key

CSR = Certificate signing request [1]

# Create a private key and a self-signed certificate (public key inside).
$ openssl req -x509 -newkey rsa:2048 -nodes -key Example_CA.key -out
Example_CA.cer -days 7305

[1] http://en.wikipedia.org/wiki/Certificate_signing_request

Reinaldo de Carvalho

"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)