Hi!
See my message on the same subject a few weeks ago: Use the same path to store different server certificates and server keys. Every server points to the same file, but the files are not the same. It works...
Maybe for the developers: Wouldn't it make sense to allow a server certificate (and key) path depending on the server ID (i.e.: allow multiple server certificates (and keys))?
Regards, Ulrich
"lux-integ" lux-integ@btconnect.com wrote on 21.11.2013 at 12:11 in
message 201311211111.15669.lux-integ@btconnect.com:
Greetings,
I am learning to configure/use openldap. I have a question regarding database replication. I have a primary openldap server. I prepared/installed openssl certificates for the server, and the slapd.conf has these lines:
#--- Define SSL and TLS properties
TLSCertificateFile /etc/certs/ldap1stServerCert.pem
TLSCertificateKeyFile /etc/certs/ldap1stServerKey.pem
TLSCACertificateFile /etc/certs/cacert.pem
#---if client authentication is/isNOT required
TLSVerifyClient demand
I want to replicate the database over two other hosts. Call these 2ndServer and 3rdserver. Both of these computers ALSO have ssl certificates in /etc/certs like so:-
#### in 2nd ldap host
/etc/certs/ldap2ndServerCert.pem
/etc/certs/ldap2ndServerKey.pem
/etc/certs/cacert.pem

#### in 3rd ldap host
/etc/certs/ldap3rdServerCert.pem
/etc/certs/ldap3rdServerKey.pem
/etc/certs/cacert.pem
As regards these certificates (the fact that they are not the same), I would like to know what happens when I try to do replication. I am following the guides 18.3.1.1. Syncrepl configuration (http://www.openldap.org/doc/admin24/replication.html) and 18.3.2. Delta-syncrepl (also from http://www.openldap.org/doc/admin24/replication.html).
(In other words, is it best to remove the certificates and install after replication or whatever?)
Thanks in advance
sincerely LuxInteg
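
A sketch of the same-path layout suggested in the reply, as an added example that is not part of the original thread: every host uses identical TLS paths in slapd.conf, while the files at those paths are that host's own certificate and key. The generic file names, the hostname ldap1.example.com, the suffix dc=example,dc=com, the replicator DN and the password are assumptions; the syncrepl tls_* options let a consumer present its certificate to a provider that sets TLSVerifyClient demand.

```conf
# slapd.conf fragment, identical on all three hosts (constructed example).
# ldapServerCert.pem / ldapServerKey.pem are hypothetical generic names;
# on each host they contain that host's own certificate and private key.
# The key file should be readable only by the account slapd runs as.
TLSCertificateFile      /etc/certs/ldapServerCert.pem
TLSCertificateKeyFile   /etc/certs/ldapServerKey.pem
TLSCACertificateFile    /etc/certs/cacert.pem
#---if client authentication is/isNOT required
TLSVerifyClient         demand

# Consumer side only (2nd and 3rd host), placed inside the database
# section being replicated. Because the provider demands a client
# certificate, the syncrepl connection presents this host's own pair
# and verifies the provider's certificate against the shared CA.
syncrepl rid=001
  provider=ldap://ldap1.example.com
  type=refreshAndPersist
  retry="60 +"
  searchbase="dc=example,dc=com"
  bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com"
  credentials=CHANGE_ME
  starttls=critical
  tls_cert=/etc/certs/ldapServerCert.pem
  tls_key=/etc/certs/ldapServerKey.pem
  tls_cacert=/etc/certs/cacert.pem
  tls_reqcert=demand
```

All three certificates need to chain to the CA in cacert.pem, and each consumer needs its own rid value.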