"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes:

> Hi,
>
> Thanks for your help.
[...]
> Now I'm trying to get an ldaps connection with the backend ldap server.
> I want my openldap proxy to check the backend certificate with the CA
> certificate that I put after TLSCACertificateFile.
>
> The issue is that the ldaps connection works every time without checking the
> backend server certificate.
>
> The configuration line with TLSCACertificateFile has no effect on the ssl
> connection!
>
> I saw that TLSVerifyClient enables forcing the certificate check of the client
> connecting to my openldap proxy but I don't see how to force the openldap proxy
> to check the backend server certificate.

In this particular case back-ldap acts as a client, thus client-specific
configurations are read from ldap.conf.

> Then, I had 2 .cer CA certificates (a root and an intermediate) that I
> concatenated in 1 certificate. Does openldap support .cer? Or should I rename
> it to .pem?

OpenLDAP only supports PEM format.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08" E 10°08'02.82"
GPG Key ID:8EF7B6C6
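
The reply above points to ldap.conf for the proxy's client-side TLS settings and to PEM as the only accepted certificate format. The following is an added example, not part of the original message or of OpenLDAP: it normalises root and intermediate `.cer` files (DER or PEM) into one PEM bundle and emits the `TLS_CACERT` / `TLS_REQCERT` lines from ldap.conf(5). The function names, the bundle path and the stand-in bytes are assumptions made for illustration.

```python
import base64
import re
import sys
from pathlib import Path
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def to_pem_blocks(data: bytes) -> list:
    """Return each certificate found in `data` as a normalised PEM block.

    A .cer file may be PEM text (one or more certificates) or a single
    binary DER certificate; the extension does not say which.
    """
    bodies = PEM_RE.findall(data)
    if bodies:
        # Already PEM: re-encode so glued or CRLF-wrapped blocks come out clean.
        ders = [base64.b64decode(b"".join(b.split())) for b in bodies]
    elif data[:1] == b"\x30":
        # DER certificates start with the ASN.1 SEQUENCE tag 0x30.
        # Assumption: the file holds exactly one DER certificate.
        ders = [data]
    else:
        raise ValueError("neither PEM nor DER certificate data")
    return [ssl.DER_cert_to_PEM_cert(d) for d in ders]

def build_bundle(files: list) -> str:
    """Concatenate every CA certificate from `files` into one PEM bundle."""
    return "".join(pem for data in files for pem in to_pem_blocks(data))

def ldap_conf_lines(bundle_path: str) -> str:
    """ldap.conf(5) client settings: trust the bundle, require a valid cert."""
    return f"TLS_CACERT {bundle_path}\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    # Usage: python3 make_bundle.py root.cer intermediate.cer > ca-bundle.pem
    # With no arguments, constructed stand-in bytes (not real certificates)
    # are used so the script still runs offline.
    sample = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
    blobs = [Path(p).read_bytes() for p in sys.argv[1:]] or sample
    sys.stdout.write(build_bundle(blobs))
    # Hypothetical bundle path; adjust to where the file is installed.
    sys.stderr.write(ldap_conf_lines("/etc/openldap/certs/ca-bundle.pem"))
```

Renaming a DER-encoded `.cer` to `.pem` does not change its encoding, which is why the script re-encodes instead of copying bytes.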