Hello,
Le ven. mai 20 2011 � 02:43:46 -0300, Reinaldo de Carvalho dit :
On Fri, May 20, 2011 at 6:50 AM, David Dumortier d.dumortier@free.fr wrote: [...]
I generated a self-signed certificate with these options : certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile /etc/ldap/ssl/mycsr.csr
[..]
Here is my slapd conf : olcTLSVerifyClient: demand olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key
CSR = Certificate signing request [1]
# Create a private key and a self-signed certificate (public key inside). $ openssl req -x509 -newkey rsa:2048 -nodes -key Example_CA.key -out Example_CA.cer -days 7305
As I mentioned it is a gnutls version of slapd (Debian specific compilation) As far as I know (I'm not a expert in certificat), the certtool option is --generate-self-signed to obtain the same result as your command. I start to believe I'll have to compile my own version of openldap with openSSL support :-)
[1] http://en.wikipedia.org/wiki/Certificate_signing_request
Thank you for the pointer I understand a little more certificates.
-- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net
"While not fully understand a software, don't try to adapt this software to the way you work, but rather yourself to the way the software works" (myself)
Wise sentence :-)