s g <[email protected]> writes: > Thanks for replying. I was a bit occupied, so I could not back soon. Going by > your mail, I went through > the certificate generation process again. What I found is that for some > reason, the cacert.pem file > (which is the certificate for the CA) shows the following - > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > I am attaching the steps I followed and the certificate files generated as > per the tutorial > http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.2.
Did you read the note on top of this paper? > > Shouldn't the above field be CA:true? Also, how do I make sure that the flag > that you mentioned below > gets set to "SSL server". edit openssl.cnf accordingly, or use tinyCA to create a certificate chain http://tinyca.sm-zone.net/index.html -Dieter -- Dieter Klünter | Systemberatung sip: +49.40.20932173 http://www.dpunkt.de/buecher/2104.html GPG Key ID:8EF7B6C6
