On Mon, 5 Sep 2005, Howard Chu wrote:

> Date: Mon, 05 Sep 2005 03:29:23 -0700
> From: Howard Chu <[EMAIL PROTECTED]>
> To: Villy Kruse <[EMAIL PROTECTED]>
> Cc: Kurt D. Zeilenga <[EMAIL PROTECTED]>, Peter Marschall <[EMAIL PROTECTED]>,
>     James Wilde <[EMAIL PROTECTED]>,
>     [email protected]
> Subject: Re: Problem verifying self signed certificate
>
> Villy Kruse wrote:
> > On Sun, 4 Sep 2005, Kurt D. Zeilenga wrote:
> >
> > > At 08:45 AM 9/4/2005, Peter Marschall wrote:
> > >
> > > > AFAIK this is expected behaviour as you cannot use a self-signed server
> > > > certificate with openLDAP.
> > > >
> > > Have you examined the certificate at ldap.openldap.org?
> > > It's a self-signed certificate.
> > A self signed certificate cannot be verified. For that you will need
> > the certificate to be signed by a trusted CA. However, a self-signed
> > certificate can be used to establish an encrypted connection.
> >
> I don't believe that statement helps in any way to clarify the situation. A
> cert that is signed by a trusted CA is by definition *not* a self-signed cert.
>

And the fact that the web site for https://www.openldap.org has a self signed
certificate isn't very relevant either. The client (the web browser) should
complain, but usually the user is allowed to trust the certificate.

> Note (again, and again, and again...) that "self-signed" does not mean "a
> certificate that I created by myself." It means "a certificate that was not
> signed by a separate certificate authority."
>

I wouldn't use that word in any other meaning. Perhaps the word was used
in a different meaning in the Subject line; I didn't think about that.

Villy
