"jerrrry@voila.fr" jerrrry@voila.fr writes:
Hi,
Thanks for your help.
[...]
Now I'm trying to get an ldaps connection with the backend ldap server. I want my openldap proxy to check the backend certificate with the CA certificate that I put after TLSCACertificateFile.
The issue is that the ldaps connection works every time without checking the backend server certificate.
The configuration line with TLSCACertificateFile has no effect on the SSL connection!
I saw that TLSVerifyClient makes it possible to force the certificate check of the client connecting to my openldap proxy, but I don't see how to force the openldap proxy to check the backend server certificate.
In this particular case back-ldap acts as a client, thus client specific configurations are read from ldap.conf
Then, I had 2 .cer CA certificates (a root and an intermediate) that I concatenated into 1 certificate. Does openldap support .cer? Or should I rename it to .pem?
OpenLDAP only supports pem format.
-Dieter
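
Added example (not part of the original message, and not OpenLDAP code): a `.cer` file may hold either binary DER or PEM text, so renaming it does not convert it, and concatenating a DER file with a PEM file yields an unreadable bundle. The sketch below normalises a root and an intermediate CA into one PEM bundle; the function names are hypothetical and the sample byte strings are constructed placeholders, not real certificates.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def to_pem_blocks(data: bytes) -> list[str]:
    """Return every certificate found in `data` as a normalised PEM block."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        # Already PEM text: decode each block so it can be re-wrapped cleanly.
        ders = [base64.b64decode(b"".join(b.split()), validate=True)
                for b in blocks]
    elif data[:1] == b"\x30":
        # Binary DER starts with an ASN.1 SEQUENCE tag (0x30).
        ders = [data]
    else:
        raise ValueError("neither PEM nor DER certificate data")
    return [ssl.DER_cert_to_PEM_cert(d) for d in ders]


def build_ca_bundle(files: list[bytes]) -> str:
    """Concatenate CA certificates (any mix of PEM and DER) into one bundle."""
    return "".join(block for data in files for block in to_pem_blocks(data))


def count_certs(bundle: str) -> int:
    """Number of certificates present in a PEM bundle."""
    return bundle.count("-----BEGIN CERTIFICATE-----")


# Constructed placeholders: tiny ASN.1 SEQUENCEs standing in for certificates.
ROOT_DER = b"\x30\x03\x02\x01\x01"                       # "root.cer", DER
INTERMEDIATE_PEM = ssl.DER_cert_to_PEM_cert(
    b"\x30\x03\x02\x01\x02").encode()                   # "intermediate.cer", PEM

if __name__ == "__main__":
    bundle = build_ca_bundle([ROOT_DER, INTERMEDIATE_PEM])
    print(f"{count_certs(bundle)} certificates in bundle")
    print(bundle, end="")
```

With real certificate files read in binary mode, the resulting bundle is the kind of file the `TLS_CACERT` option in ldap.conf points to.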