Re: Using NSS

On Sun, 2012-02-05 at 09:43 -0700, Chris Jacobs wrote:
> Yes: Specify your cacert file in openldap's ldap.conf file (NOT PADL's in /etc/): typically /etc/openldap/ldap.conf or perhaps /usr/local/openldap/etc/openldap/ldap.conf.

That's it.  Thank you!

> If the cert is signed by a real CA then your system's cacert bundle needs updating.

It's self-signed.  And (I *think*) things are working.

> And use openssl vs mozilla's ssl - my understanding is that it doesn't quite work right; especially when building openldap.

I'm using Fedora's binaries, and they're built against NSS these days.