s g <[email protected]> writes:

> Our requirement is that we need to test if a server certificate from
> Openldap server is valid and then upload to our trust store and use the
> certificate for further communications using SSL to the ldap server.
> I configured Openldap for SSL as per the Openldap admin guide - generated
> the 3 certificates cacert.pem, servercert.pem and serverkey.pem and put the
> corresponding entries in slapd.conf file. My assumption is cacert.pem is
> the file for the CA, servercert.pem is the server certificate file(?!) and
> the serverkey.pem is the file containing the private key to the server.
> After configuring my client ldap.conf file to point to cacert.pem as per
> the following directives -
>
> TLS_CACERTDIR <path to my cacert.pem file>
> TLS_REQCERT hard

[...]
I would recommend to use

TLS_CACERT <path to cacert.pem>

The parameter CACERTDIR requires the CAs in this directory to be hashed.

-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
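What "hashed" means for a CA directory, as an added example that is not part of the original thread: an OpenSSL-backed client looks up CAs in such a directory by `<subject-hash>.N` file names, so a plain `cacert.pem` dropped there is never found. The helper names `hash_cadir` and `verify_with_cadir` are hypothetical, and the sketch assumes the `openssl` command-line tool is installed; `openssl rehash` or `c_rehash` do the same job.

```shell
#!/bin/sh
# Added example: create the <subject-hash>.N symlinks that an OpenSSL-style
# CA directory (the TLS_CACERTDIR case) is searched by.
# hash_cadir / verify_with_cadir are hypothetical helper names.

hash_cadir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        # Files that are not certificates (e.g. a private key) are skipped.
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || continue
        base=$(basename "$cert")
        n=0
        # Several CAs can share a subject hash: use .0, .1, ... in turn.
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
            # Already linked on an earlier run: nothing to do for this cert.
            [ "$(readlink "$dir/$h.$n")" = "$base" ] && continue 2
            n=$((n + 1))
        done
        ln -s "$base" "$dir/$h.$n"
        echo "$h.$n -> $base"
    done
}

# Check a certificate against the hashed directory, the same by-hash lookup
# a client configured with TLS_CACERTDIR relies on.
verify_with_cadir() {
    openssl verify -CApath "$1" "$2"
}
```

With a single CA, pointing `TLS_CACERT` at the file as suggested above avoids the hashing step entirely.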
