https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #23 from Ondřej Kuzník ondra@mistotebe.net ---
On Tue, Jun 13, 2023 at 10:08:28PM +0000, openldap-its@openldap.org wrote:
Use slapo-autoca to create your own CA cert to manage your client certs.
I wasn't aware you had your own CA infrastructure. Thanks for bringing it up. It certainly deserves a mention in this context. I actually already have a private CA which I could use for LDAP, but I wanted my clients to have public CA certs on their front-facing ports. I could use private CA certs for the back-facing ports, but I think it's easier to just have the proxy.
Why do you need the same certificate for someone's inbound traffic and the one they use to identify themselves to OpenLDAP (client certificate)?
BTW we should move this part of the discussion to -technical.