I'm a newbie on the Mailman list, so I don't know if I'm sending this
email correctly.
Thanks for your reply. From what I've understood, I have to do the
following:
% cd /var/myca/
% /usr/share/ssl/misc/CA.sh -newca
This creates cacert.pem and private/cakey.pem (these files are common
for all the servers and clients). In the Common Name field I have to
write the LDAP master server host name (i.e. ldap.dominio.com).
Now, I make a signing request for the master server, slave server
(replica) and clients. I execute all these commands for each one,
changing the Common Name to the specific host name (for master
server: ldap.dominio.com, for slave server (replica):
replica.ldap.dominio.com, for clients: pc1.dominio.com....).
% openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
% /usr/share/ssl/misc/CA.sh -sign
Is all OK?
Thank you very much, and if this is correct, you could add this to a
FAQ of the openldap guide, because I haven't seen anything about slave
servers.
Simply:
/usr/share/ssl/misc/CA.sh -newca
/usr/share/ssl/misc/CA.sh -newreq
/usr/share/ssl/misc/CA.sh -sign
Then for all other servers/slaves, only do the last two of the above.
See that FAQ for more info.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
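
The three steps from this thread (one CA, then a request and a signature per host), written with plain openssl commands and followed by a check that each certificate chains to the CA and carries the expected host name. This is an added example, not part of the original messages and not the CA.sh script itself; the host names are the ones used in the thread, while the CA name "Example LDAP CA", the 2048-bit key size, the lifetimes and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Host names come from the thread;
# the CA name, 2048-bit keys and lifetimes are assumptions.

make_ca() {      # $1 = directory that will hold cacert.pem and cakey.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
    chmod 600 "$1/cakey.pem"
}

issue_cert() {   # $1 = CA directory, $2 = host name, used as the Common Name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

check_cert() {   # $1 = CA certificate, $2 = host certificate, $3 = expected host
    # The certificate must chain to the CA...
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo bad-chain; return 1; }
    # ...and its subject must end in the host name the peer will connect to.
    subject=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253)
    case "$subject" in
        *"CN=$3") echo ok ;;
        *) echo bad-cn; return 1 ;;
    esac
}

# Run once for the master, the replica and one client.
work=$(mktemp -d)
make_ca "$work"
for host in ldap.dominio.com replica.ldap.dominio.com pc1.dominio.com; do
    issue_cert "$work" "$host"
    echo "$host: $(check_cert "$work/cacert.pem" "$work/$host.crt" "$host")"
done
rm -rf "$work"
```

Only cacert.pem needs to be copied to every server and client; cakey.pem stays on the machine that does the signing, and each host keeps its own .key file.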