Hi!
I've followed openldap.org's guide and LDAP works great with TLS/SSL with
authentication in server and clients. Now I have added an LDAP replica (LDAP
slave server), and I have some questions:
- In the clients I had to make the certs with the server certificate
(cacer.pem) of the master, because I check the server certificate, and also
check the clients in the server. Now that I have a replica, do I have to make
other certs with the server certificate of the slave server (and how can I
show two certificates to ldap.conf)? (I followed this:
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.3) Or is it sufficient
with the certificates made from the server certificates?
Step 1 and 2: Do nothing ... the CA does not need to be created again. The
plan is to use the same CA certificate to sign the client certificate.