
Re: clarification on ldap with ssl/tls



On Apr 22, 2013, at 12:40 PM, Rodney Simioni wrote:

> Hi,
> I’ve been tasked to enable ssl/tls on ldap. The server already has a certificate and key file. After looking at documentation, these are the three files that are needed
> In the ldap.conf file:
>  
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSCACertificateFile /etc/openldap/cacert.pem
>  
> I already have the TLSCertificateFile and TLSCertificateKeyFile but I don’t have the TLSCACertificateFile. Is that something I have to generate?
----
If you're willing to accept any old certificate and, in fact, not even bother checking certificates, then no (TLS_REQCERT never).

If you've been tasked to enable ssl/tls, you might actually want to learn how certificates work, as this really is not an OpenLDAP question.

Craig
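
Added example (not part of the original thread): a small shell check that reads a client-side ldap.conf, where TLS_REQCERT is set, and reports whether the server certificate is actually enforced and whether a CA source is named. The function name, return codes, host name and sample files are assumptions constructed for this illustration; it inspects only the one file it is given.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for certificate checking.
# Return codes (this script's own convention, not an OpenLDAP one):
#   0 = certificate is verified and a CA file or directory is configured
#   1 = TLS_REQCERT is "never" or "allow": a bad certificate is accepted
#   2 = verification is on, but this file names no TLS_CACERT/TLS_CACERTDIR
audit_ldap_conf() {
    conf=$1
    reqcert=demand   # ldap.conf(5) default when TLS_REQCERT is absent
    ca=""
    # Option names are case-insensitive; '#' starts a comment line.
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r key value rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $key in
            TLS_REQCERT)
                reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
            TLS_CACERT|TLS_CACERTDIR)
                ca=$value ;;
        esac
    done < "$conf"

    case $reqcert in
        never|allow)
            echo "$conf: TLS_REQCERT $reqcert - server certificate not enforced"
            return 1 ;;
    esac
    if [ -z "$ca" ]; then
        echo "$conf: TLS_REQCERT $reqcert but no CA file or directory set here"
        return 2
    fi
    echo "$conf: TLS_REQCERT $reqcert, CA source $ca"
    return 0
}

# Constructed sample configs, written to a temp dir so this runs offline.
demo_dir=$(mktemp -d)
printf 'URI ldaps://ldap.example.com\nTLS_REQCERT never\n' \
    > "$demo_dir/weak.conf"
printf 'URI ldaps://ldap.example.com\ntls_reqcert demand\nTLS_CACERT /etc/openldap/cacert.pem\n' \
    > "$demo_dir/strict.conf"
printf '# no CA configured\nURI ldaps://ldap.example.com\n' \
    > "$demo_dir/noca.conf"

for f in weak strict noca; do
    audit_ldap_conf "$demo_dir/$f.conf" || true
done
```

Return code 2 means only that the inspected file sets no CA; a per-user ldaprc or the LDAPTLS_CACERT environment variable can still supply one.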