Turbo Fredriksson wrote:
I've been playing with OpenSwan the last week and learned how to revoke certificates in the process. Usage of the CRL cert...
In my slapd.conf's I have:
TLSCACertificateFile /etc/ldap/cacert.pem TLSCertificateFile /etc/ldap/ldapsrv?_domain_tld.pub TLSCertificateKeyFile /etc/ldap/ldapsrv?_domain_tld.prv TLSVerifyClient try
Where would the CRL cert fit in this? From what I can tell of the man page, nowhere.
Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.