s g sirisha.kmb@gmail.com writes:
Our requirement is that we need to test if a server certificate from OpenLDAP server is valid and then upload to our trust store and use the certificate for further communications using SSL to the LDAP server.

I configured OpenLDAP for SSL as per the OpenLDAP admin guide - generated the 3 certificates cacert.pem, servercert.pem and serverkey.pem and put the corresponding entries in slapd.conf file. My assumption is cacert.pem is the file for the CA, servercert.pem is the server certificate file(?!) and the serverkey.pem is the file containing the private key to the server.

After configuring my client ldap.conf file to point to cacert.pem as per the following directives -

    TLS_CACERTDIR <path to my cacert.pem file>
    TLS_REQCERT hard
[...]
I would recommend using

    TLS_CACERT <path to cacert.pem>

The parameter CACERTDIR requires the CAs in this directory to be hashed.
-Dieter
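
What "hashed" means for a TLS_CACERTDIR directory, as an added example that is not part of the original reply: each CA certificate must be reachable under the name `<subject-hash>.<n>`. It assumes the `openssl` command-line tool is installed and a client library built against OpenSSL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: create and audit the hash-named links that a
# TLS_CACERTDIR directory needs. Function names are illustrative.

# Print the lookup name (<subject-hash>.<n>) for a PEM certificate.
# $1 = certificate file, $2 = CA directory
hashed_name() {
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    n=0
    # Different CAs can share a hash; they get .0, .1, ...
    # Reuse a slot that already holds this exact certificate.
    while [ -e "$2/$h.$n" ]; do
        if cmp -s "$1" "$2/$h.$n"; then break; fi
        n=$((n + 1))
    done
    printf '%s.%s\n' "$h" "$n"
}

# Add a hash-named symlink for every certificate in the directory.
rehash_dir() {
    dir=$1
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        grep -q 'BEGIN CERTIFICATE' "$f" || continue   # skip key files
        name=$(hashed_name "$f" "$dir") || continue
        [ -e "$dir/$name" ] || ln -s "$(basename "$f")" "$dir/$name"
    done
}

# Print how many certificates in the directory have no hash-named entry,
# i.e. would not be found through TLS_CACERTDIR.
count_unhashed() {
    dir=$1
    missing=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        grep -q 'BEGIN CERTIFICATE' "$f" || continue
        h=$(openssl x509 -noout -hash -in "$f") || continue
        found=0
        for l in "$dir/$h".*; do
            [ -e "$l" ] && cmp -s "$f" "$l" && found=1
        done
        [ "$found" -eq 1 ] || missing=$((missing + 1))
    done
    echo "$missing"
}
```

A non-zero result from `count_unhashed` on the directory named in TLS_CACERTDIR means certificate verification can fail even though cacert.pem is present there.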