https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #21 from Howard Chu <hyc@openldap.org> ---
(In reply to sean from comment #20)
> (In reply to Ondřej Kuzník from comment #18)
> > You choose what CAs are trusted to issue client certificates and this is independent from the CAs you trust for server certs. Could that be the trust anchor you're missing?
>
> Yeah, I understand that - and I don't use the CA bundle for that very reason, just the single CA that I need to validate my clients, but it still isn't a very exclusive club. That CA is Let's Encrypt.

Use slapo-autoca to create your own CA cert to manage your client certs.
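The configuration contrast behind the exchange above, as an added example that is not from the bug report or from OpenLDAP's own documentation: the first change is the arrangement sean describes (slapd's trust file holds a public CA, so any client holding a certificate from that CA can pass client-cert verification), the second restricts the trust file to one private CA while leaving the server's own certificate untouched, and the third loads slapo-autoca so slapd issues those client certificates itself. File paths and DNs are placeholders; the olcAutoCA* attribute names are from my recollection of slapo-autoca(5) and slapd-config(5) and should be checked against the manual pages for the version in use.

```ldif
# Weak: any client certificate that chains to the public CA in this file
# (here, a Let's Encrypt chain) satisfies olcTLSVerifyClient: demand.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/lets-encrypt-chain.pem
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: demand

# Corrected: the trust file used to verify client certificates holds only
# the private CA. The server certificate (olcTLSCertificateFile) can still
# be issued by a public CA; that choice is independent of this file. Keep
# any intermediate needed to complete slapd's own chain alongside the
# server certificate so it does not have to come from this file.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/private-client-ca.pem
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: demand

# Run the private CA inside slapd with slapo-autoca (attribute names assumed,
# see lead-in). The overlay generates a CA for the database and issues
# certificates to entries of the configured user class; its CA certificate
# is what goes into /etc/ldap/private-client-ca.pem above.
dn: olcOverlay=autoca,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAutoCAConfig
olcOverlay: autoca
olcAutoCAuserClass: person
olcAutoCAuserKeybits: 2048
olcAutoCAuserDays: 365
olcAutoCAcaDays: 3650
```

Apply with ldapmodify against cn=config. The point the thread makes is visible in the diff between the first two changes: only the client-verification trust file moves from a public CA to a private one, so the "exclusive club" is whoever that private CA has issued to, and nothing about the server-side certificate needs to change.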