On Fri, Jul 25, 2008 at 10:20:55AM +0200, Buchan Milne wrote:
On Friday 25 July 2008 01:13:37 John Oliver wrote:
On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:
Any client will need to know about the CA that signed your self-signed cert.
I created my certificate with:
openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 3650
In slapd.conf I have:
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
What do I need to do differently?
Configure the *client* ???
The clients work perfectly with the working server. Why would they have to have a different configuration to talk to the backup LDAP server? That would pretty much defeat the purpose of having multiple LDAP servers ;-)
Now, unless you've split the cert out separately, you're most likely going to be exposing the private key as well, which means there's pretty much no point to your encryption ....
To be honest, I have no idea about "splitting the cert". I know nothing about OpenSSL. At the moment, I'm far more interested in getting the second LDAP server working than I am in having perfect security. None of these systems are on a public network.
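The setup the thread is circling around, as an added example that is not from any of the posters: one private CA, a separate key and certificate per LDAP server issued from it, and a client that trusts both servers with a single TLS_CACERT. Host names (ldap1/ldap2.example.test), the scratch directory and the minimal req config are assumptions for the example, not paths from the thread; the point of the last function is the "exposing the private key" remark above.

```sh
#!/bin/sh
# Added example: private CA + per-server certs for two LDAP servers.
# Clients need only ca.pem; each server keeps its own key. Nothing here
# reuses a server's self-signed cert as the CA file.
set -eu
WORK="${WORK:-$(mktemp -d)}"   # assumed scratch dir; real files live under /etc

# Minimal openssl config so the example does not depend on the system openssl.cnf.
# $1 = output file, $2 = subject CN, $3 = "ca" or "server"
write_cnf() {
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\nx509_extensions = ext\n'
        printf '[dn]\nCN = %s\n[ext]\n' "$2"
        if [ "$3" = ca ]; then
            printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n'
        else
            printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$2"
        fi
    } > "$1"
}

# Step 1: CA key + self-signed CA certificate. ca.pem is the one file every
# client needs (TLS_CACERT in ldap.conf / TLSCACertificateFile); ca.key stays offline.
make_ca() {
    write_cnf "$WORK/ca.cnf" "Example LDAP CA" ca
    openssl req -new -x509 -nodes -days 3650 -config "$WORK/ca.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    chmod 600 "$WORK/ca.key"
}

# Step 2: per-server key and CSR, signed by the CA. <host>.key stays on that server
# (TLSCertificateKeyFile); <host>.pem is the public cert (TLSCertificateFile).
issue_server_cert() {
    write_cnf "$WORK/$1.cnf" "$1" server
    openssl req -new -nodes -config "$WORK/$1.cnf" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -days 825 -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -extfile "$WORK/$1.cnf" -extensions ext -out "$WORK/$1.pem" 2>/dev/null
    chmod 600 "$WORK/$1.key"
}

# Step 3: what a client does for either server: verify against the CA alone.
client_trusts() { openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1; }

# Step 4: a file handed out as a certificate must not also carry a private key.
has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# Usage: make_ca; issue_server_cert ldap1.example.test; client_trusts ldap1.example.test
```

Pointing TLSCACertificateFile at the server's own self-signed cert only works for that one server; once both servers' certs chain to ca.pem, clients keep a single trust setting for the whole pool.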