I know that for an SSL connection to a server I need the following to control the strength of server certificate control.

    ldapssl_advclientauth_init(cacertdir or cacertfile, NULL, 0, NULL, NULL, 0, NULL, sslstrength);

with cacertdir / file pointing to cert8.db which contains the CA (usually /etc/certs) and sslstrength LDAPSSL_AUTH_WEAK, LDAPSSL_AUTH_CERT, LDAPSSL_AUTH_CNCHECK

    ld = ldapssl_init(server, port, 1);

Now if I want client certificate authentication, what do I need to add?

Do I need to add the key.db AND secmod.db? Do I need to set needkey AND needsecmod to 1?

    ldapssl_advclientauth_init(cacertdir or cacertfile, NULL, 0, NULL, NULL, 0, NULL, sslstrength);
    ld = ldapssl_init(server, port, 1);

Does the keynickname AND certnickname need to match an entry somewhere? Can I use certutil to get the names? If yes, how?

    ldapssl_enable_clientauth(ld, keynickname, keypasswd, certnickname);

Is there anything else I need?

Thank you
Markus
