[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CA and Intermediate Certificates

To: Ferenc Wagner <wferi@niif.hu>, Andrew Devenish-Meares <adevenis@une.edu.au>
Subject: Re: CA and Intermediate Certificates
From: Howard Chu <hyc@symas.com>
Date: Thu, 14 Aug 2014 04:46:35 -0700
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <87y4urwhx4.fsf@lant.ki.iif.hu>
References: <53EC4832.5020005@une.edu.au> <87y4urwhx4.fsf@lant.ki.iif.hu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 SeaMonkey/2.27a1

Ferenc Wagner wrote:

Andrew Devenish-Meares <adevenis@une.edu.au> writes:

We're currently starting to migrate our certificates to AusCERT, as we
get a good deal as a University.  As AusCERT is an intermediate CA, so
we need to use a chain to get this to work.
[...]
This means that we need to install the intermediate certificate on
clients that connect to our LDAP using SSL or TLS.  Admittedly this
isn't vastly different to what we need to do now in supplying our own CA.


You have to put the chain leading to the well-known root CA into your
server certificate file:

Wrong. The correct usage of CA certificates is already documented in theslapd.conf(5) manpage, slapd-config(5) manpage, and the Admin Guide. RTFM.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- CA and Intermediate Certificates
  - From: Andrew Devenish-Meares <adevenis@une.edu.au>
- Re: CA and Intermediate Certificates
  - From: Ferenc Wagner <wferi@niif.hu>

Prev by Date: How to do a case insensitive substring search on a case-sensitive field ?
Next by Date: Re: How to do a case insensitive substring search on a case-sensitive field ?
Index(es):
- Chronological
- Thread