----- "Alberto GD" <darkxer0x(a)esdebian.org> wrote:
Hi!
I've followed openldap.org's guide and LDAP works great with TLS/SSL, with authentication in server and clients. Now I have added an LDAP replica (LDAP slave server), and I have some questions:
- In the clients I had to make the certs with the server certificate (cacer.pem) of the master, because I check the server certificate, and also check the clients in the server. Now that I have a replica, do I have to make other certs with the server certificate of the slave server (and how can I show two certificates to ldap.conf)? (I followed this: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.3 ) Or are the certificates made from the server certificate sufficient?
> Step 1 and 2: Do nothing ... the CA does not need to be created again. The plan is to use the same CA certificate to sign the client certificate.
For all server and clients certs you have created or will create, just sign them
all with the CA cert you created and make sure all servers and clients get a copy
of the CA cert. That's all you need to do.
Gavin.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
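To make Gavin's point concrete, here is an added example (not from this thread or the OpenLDAP project) that builds one throwaway CA, signs a master, a replica and a client cert with it, and shows that a client holding only the CA cert (the file named by TLS_CACERT in ldap.conf) verifies both servers, while a replica cert that was not signed by that CA is rejected. It assumes the openssl CLI is installed; the hostnames and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: a single CA signs every server and client cert, and each
# host only needs a copy of the CA cert (cacert.pem) to trust all the others.
set -e
WORK=$(mktemp -d)

# Issue a cert for CN=$1 signed by the one CA kept in $WORK.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 365 \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Create the CA once, then sign master, replica and client with it.
# Also build a self-signed replica cert (no CA involved) as the counterexample.
build_pki() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo LDAP CA" -keyout "$WORK/ca.key" \
    -out "$WORK/cacert.pem" 2>/dev/null
  for host in ldap-master ldap-replica client1; do
    issue_cert "$host"
  done
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=ldap-replica" -keyout "$WORK/rogue.key" \
    -out "$WORK/ldap-replica-selfsigned.pem" 2>/dev/null
}

# What a client with TLS_REQCERT demand effectively does: check the presented
# cert against the CA cert alone. Exit status 0 means the chain is valid.
verify_against_ca() {
  openssl verify -CAfile "$WORK/cacert.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# The client-side ldap.conf needs one CA entry, not one entry per server.
ldap_conf_snippet() {
  printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$WORK/cacert.pem"
}

build_pki
for host in ldap-master ldap-replica client1 ldap-replica-selfsigned; do
  if verify_against_ca "$host"; then
    echo "$host: trusted (chains to cacert.pem)"
  else
    echo "$host: rejected (not signed by the CA)"
  fi
done
```

Run it and only the self-signed replica cert is rejected, which is why a second set of "server certificate" based certs is unnecessary once the replica's cert is signed by the same CA.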