----- "Alberto GD" darkxer0x@esdebian.org wrote:
Hi! I've followed openldap.org's guide and LDAP works great with TLS/SSL with authentication in server and clients. Now I have added an LDAP replica (LDAP slave server), and I have some questions:
- In the clients I had to make the certs with the server certificate (cacer.pem) of the master, because I check the server certificate, and also check the clients in the server. Now that I have a replica, do I have to make other certs with the server certificate of the slave server (and how can I show two certificates to ldap.conf)? (I followed this: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.3 ) Or are the certificates made from the server certificate sufficient?
Steps 1 and 2: do nothing ... the CA does not need to be created again. The plan is to use the same CA certificate to sign the client certificate.
For all server and clients certs you have created or will create, just sign them all with the CA cert you created and make sure all servers and clients get a copy of the CA cert. That's all you need to do.
Gavin.
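As an added example (not code from the thread or from the OpenLDAP guide), a shell script doing what Gavin describes: one CA, created once, signs the master's, the replica's and a client's certificates, and every peer verifies the others with nothing but the CA cert. Hostnames and file names are made up; the ldap.conf/slapd.conf directive names in the comments are the real OpenLDAP ones.

```shell
#!/bin/sh
# Added example (not from the thread): one CA signs certificates for the
# LDAP master, the replica and a client; each host only needs cacert.pem
# to verify the others. Hostnames and file names below are made up.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# make_ca DIR: create the CA key and self-signed CA certificate. This is
# done once; adding a replica does NOT mean repeating this step.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" \
        -subj "/CN=Example LDAP CA" >/dev/null 2>&1
}

# issue_cert DIR NAME CN: key + CSR for NAME, then sign the CSR with the
# existing CA. Same procedure for servers and clients.
issue_cert() {
    dir=$1; name=$2; cn=$3
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" \
        -subj "/CN=$cn" >/dev/null 2>&1
    openssl x509 -req -in "$dir/$name.csr" -days 365 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/$name.crt" >/dev/null 2>&1
}

# verify_cert DIR NAME: the chain check a client (TLS_CACERT in ldap.conf)
# or a server (TLSCACertificateFile in slapd.conf) performs on its peer.
verify_cert() {
    openssl verify -CAfile "$1/cacert.pem" "$1/$2.crt" >/dev/null 2>&1
}

# self_signed_rejected DIR: a cert not issued by our CA (here self-signed)
# must fail the same check; that is why every peer needs the CA cert.
self_signed_rejected() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/rogue.key" -out "$1/rogue.crt" -subj "/CN=rogue" >/dev/null 2>&1
    ! verify_cert "$1" rogue
}

# build_pki DIR: one CA, certs for master, replica and a client. Succeeds
# only if all three chain to the single CA cert.
build_pki() {
    make_ca "$1"
    issue_cert "$1" master  ldap-master.example.com
    issue_cert "$1" replica ldap-replica.example.com
    issue_cert "$1" client  client1.example.com
    verify_cert "$1" master && verify_cert "$1" replica && verify_cert "$1" client
}

build_pki "$WORKDIR" && echo "all certificates chain to $WORKDIR/cacert.pem"
```

Copy cacert.pem (never cakey.pem) to the master, the replica and every client; each server additionally gets only its own .key and .crt.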