Turbo Fredriksson wrote:
I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...
In my slapd.conf's I have:
TLSCACertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient try
Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere.
Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
