Hi,
Is there any way to fetch the CA certificate from LDAP server using OpenLDAP C SDK?
I am using openldap-2.0.3 libraries.
Consider that the AAA server is running securely with the following files: 1. server certificate 2. ca certificate 3. server key
On client side, how do I get the ca certificate? I don't want to copy it manually by doing scp/http. Is there any library call available to accomplish this? Please help.
Thanks, Digambar
Digambar Sawant writes:
Is there any way to fetch the CA certificate from LDAP server using OpenLDAP C SDK? (...) On client side, how do I get the ca certificate? I don't want to copy it manually by doing scp/http.
If you get it from the server, someone can hijack the connection and give you their own certificate instead of your server's. That defeats the entire point of having a server certificate: to verify that the machine you connected to actually is the one you wanted to reach.
But if you insist, check out your TLS/SSL implementation's documentation. I OpenLDAP leaves it to do CA cert handling.
openldap-software@openldap.org
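The point made in the reply, as an added example that is not part of the original thread: a client that checks a server certificate against a CA file installed locally rejects an impostor, while a client that takes the CA certificate from whoever answered accepts it. It uses the `openssl` command-line tool; the names real-ca, rogue-ca and ldap.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo; real-ca, rogue-ca and ldap.example.test are made-up names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA key and certificate in $WORK.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: server certificate for ldap.example.test signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# trusts CA CERT: succeeds only if CERT chains to CA.
trusts() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# report LABEL CA CERT: print whether a client trusting CA accepts CERT.
report() {
    if trusts "$2" "$3"; then echo "$1: accepted"; else echo "$1: REJECTED"; fi
}

make_ca real-ca && make_ca rogue-ca
issue_cert real-ca server        # the genuine LDAP server
issue_cert rogue-ca impostor     # whoever answers on a hijacked connection

# CA file installed on the client out of band:
report "local CA, genuine server" real-ca server      # accepted
report "local CA, impostor"       real-ca impostor    # REJECTED
# CA "fetched" over the hijacked connection is the impostor's own:
report "fetched CA, impostor"     rogue-ca impostor   # accepted
```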