Re: Replica (ldap slave server) certificates (SSL/TLS). Are clients certificates needed?

I'm newbie in mailman list, so I don't know if I'm sending this email correctly. Tranks for your reply, and what I've understood, I have to do the following: % cd /var/myca/ % /usr/share/ssl/misc/CA.sh -newca This creates cacert.pem and private/cakey.pem (these files are common for all the server and clients). In The field of Common Name I have to write the ldap master server name host (i.e. ldap.dominio.com ). Now, I make a singing request for master server, slave server (replica) and clients. I execute all these command for each one changing the Common Name for the specific host name (for master server: ldap.dominio.com , for slave server (replica): replica.ldap.dominio.com , for clients: pc1.dominio.com....). % openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem % /usr/share/ssl/misc/CA.sh -sign Are all OK? Thank you very much, and if this is correct, you could add this to a FAQ of the openldap guide, because I haven't seen anything about slave servers.