On Apr 22, 2013, at 12:40 PM, Rodney Simioni wrote:

> Hi,
> I’ve been tasked to enable ssl/tls on ldap. The server already has a
> certificate and key file. After looking at documentation, these are the three
> files that are needed
> In the ldap.conf file:
>
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSCACertificateFile /etc/openldap/cacert.pem
>
> I already have the TLSCertificateFile and TLSCertificateKeyFile but I don’t
> have the TLSCACertificateFile. Is that something I have to generate?

----
if you're willing to accept any old certificate and in fact, not even bother checking certificates then no (TLS_REQCERT never).

if you've been tasked to enable ssl/tls you might actually want to learn how certificates work as this really is not an OpenLDAP question.

Craig
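An added example, not part of the original thread or of OpenLDAP itself: the CA file is the certificate of whoever signed the server certificate, and this script shows how to confirm that a given CA file is the right one for a given server certificate. The file names cacert.pem, servercrt.pem and serverkey.pem follow the question; the function names, the two demo CAs and the host name ldap.example.com are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: every subject name and key below is generated for this example.

# chains_to CA_FILE CERT_FILE: succeeds only if CERT_FILE verifies against CA_FILE.
# This is the check a client makes when certificate checking is on; TLS_REQCERT never skips it.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CERT_FILE: print the issuer, i.e. whose certificate belongs in the CA file.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# make_demo_pki DIR: create a CA, an unrelated CA, and a server cert signed by the first.
make_demo_pki() {
    local d=$1 ca
    for ca in cacert otherca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.com" \
        -keyout "$d/serverkey.pem" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" -CAkey "$d/cacert.key" \
        -CAcreateserial -days 1 -out "$d/servercrt.pem" 2>/dev/null
}

# check_ca_file CA_FILE CERT_FILE: report whether CA_FILE is the right CA for CERT_FILE.
check_ca_file() {
    if chains_to "$1" "$2"; then
        echo "OK: $2 chains to $1"
    else
        echo "MISMATCH: $2 was not issued by $1 ($(issuer_of "$2"))"
        return 1
    fi
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    check_ca_file "$d/cacert.pem"  "$d/servercrt.pem"   # expected: OK
    check_ca_file "$d/otherca.pem" "$d/servercrt.pem"   # expected: MISMATCH
    rm -rf "$d"
}
demo
```

On a real server, run `issuer_of` against the existing server certificate to see which CA's certificate to obtain, then `check_ca_file` to confirm the file you were given.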
