That is different per OS and application implementation. Search for "update CA
certificates [your os or app name]"
We only use our LDAP for auth(n/z) so we tell PAM or SSSD (depending on OS version) to use
the CA cert we push onto those nodes using our configuration management system (e.g.:
Puppet, Chef) – without having to modify our CA bundles. We DO have an internal CA that
Java apps must support, as well as some system-level apps: on those nodes we update the
system as needed (CentOS or Java).
From: openldap-technical [mailto:email@example.com] On Behalf Of
Sent: Monday, October 05, 2015 12:01 PM
To: Dieter Klünter <dieter(a)dkluenter.de>
Subject: Re: SSL based ldap server
Do we need to have the CA certificate/server key on the other client machine as well? If yes,
then how can we achieve that?
On Sun, Oct 4, 2015 at 9:00 PM, Dieter Klünter
On Sun, 4 Oct 2015 19:18:19 +0500,
Aneela Saleem wrote
I have followed this link
I updated the openssl.cnf file manually and added the IP address of the other
client machine. Then I generated the SSL certificate. Now accessing
ldaps://platalytics.com:636 from the other client machine
(I also have
added platalytics.com in the /etc/hosts file) but unable to
from external IP address. What am I missing now?
Domain Name Service? Firewall? Routing Tables?
On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem
> Hi Michael,
> Thanks for explaining. I just so far performed server side
> validation using the link
> Can you please guide me how can we perform client side
> verification? Means how to set subjectAltName extension?
> On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder
> <firstname.lastname@example.org> wrote:
>> Aneela Saleem wrote:
>> > What if I want to access LDAP from external source? how would it
>> > platalytics.com?
>> Hopefully the client performs the TLS hostname check as defined in
>> RFC 6125.
>> All hostnames and IP addresses used by clients have to be listed
>> in the subjectAltName extension.
>> Ciao, Michael.
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B
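
An added illustration (not part of the thread and not OpenLDAP code) of the client-side check discussed above: the name or IP address a client puts in its LDAP URI must appear in the server certificate's subjectAltName, and an IP literal is only compared with iPAddress entries. The function names and all sample values are constructed; the matcher is a simplified sketch that accepts a wildcard only as the whole left-most label and does no IDN handling.

```python
import ipaddress

def _parse_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Compare one dNSName entry with the host name, case-insensitively.
    Simplification: a wildcard is honoured only as the complete left-most
    label ("*.example.test") and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_allows(san_entries, target):
    """san_entries: ("DNS", name) / ("IP", address) tuples from the
    certificate's subjectAltName; target: host part of the client's LDAP URI."""
    target_ip = _parse_ip(target)
    for kind, value in san_entries:
        if target_ip is not None:
            # An IP literal is only ever compared with iPAddress entries.
            if kind == "IP" and _parse_ip(value) == target_ip:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False

def unreachable_names(san_entries, client_targets):
    """Names clients use that the certificate does not cover."""
    return [t for t in client_targets if not san_allows(san_entries, t)]

# Constructed sample data (not taken from the thread's real certificate).
SAN_DNS_ONLY = [("DNS", "ldap.example.test")]
SAN_DNS_AND_IP = [("DNS", "ldap.example.test"), ("IP", "192.0.2.10")]
CLIENT_TARGETS = ["ldap.example.test", "LDAP.example.test.", "192.0.2.10", "ldap"]

if __name__ == "__main__":
    for san in (SAN_DNS_ONLY, SAN_DNS_AND_IP):
        print(san, "->", unreachable_names(san, CLIENT_TARGETS))
```

Running it lists, for each certificate, the client-side names that would fail the hostname check, which is a quick way to audit the name list before issuing the certificate.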