On Thu, Jul 24, 2008 at 04:20:02PM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, July 24, 2008 4:13 PM -0700 John Oliver joliver@john-oliver.net wrote:
>> On Thu, Jul 24, 2008 at 04:04:10PM -0700, Quanah Gibson-Mount wrote:
>>> Any client will need to know about the CA that signed your self-signed cert.
>> I created my certificate with:
>> openssl req -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 3650
>> In slapd.conf I have:
>> TLSCertificateFile /etc/ssl/ldap.pem
>> TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
>> TLSCACertificateFile /etc/ssl/ldap.pem
>> What do I need to do differently?
> Create your own CA first? Then sign your own certs with it.
I don't understand why I must handle certs one way on one server, and another way on the other. The self-signed cert works just fine on the other, and I foresee problems if one is self-signed and the other isn't... one day, there's going to be some bizarre SSL issue that'll have me tearing my hair out for a week, until someone finally discovers what's going on and says "You fscking dummy, why the hell are you doing this?"
And I'm not particularly keen to break the working server so it can be in the same state of borkenness as the one I'm fighting now.
It would be absolutely fantastic if someone could tell me why one self-signed cert works and the other doesn't.
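Quanah's suggestion (create your own CA first, then sign the server certs with it) worked through as an added example; this is not code from the thread or from the OpenLDAP project. It assumes an openssl binary of 1.1.0 or newer on PATH. The hostname ldap.example.com, the CA name and every file path are made up for the demonstration; only the three slapd.conf directive names are the ones John already uses. The last two checks show the point behind "any client will need to know about the CA": a client whose CA file contains the issuing CA accepts the server cert, and a client whose CA file contains some other self-signed cert rejects it.

```shell
#!/bin/sh
# Added example, not code from the thread: build a private CA, issue the slapd
# server certificate from it, and check which file a TLS client has to trust.
# Assumes openssl (1.1.0 or newer) on PATH. The hostname, the CA name and every
# file path are constructed for this demo; only the slapd.conf directive names
# come from the thread.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# 1. The CA: a self-signed certificate that explicitly says it is a CA.
#    A private config keeps the extensions independent of the system openssl.cnf.
make_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
CN = Example LDAP CA
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 3650 \
        -config "$WORK/ca.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# 2. The server: its own key plus a certificate *request* (no -x509 here).
# 3. Sign that request with the CA. The issuer of ldap.pem is now the CA, not
#    the server itself, and the SAN lets clients match the hostname.
make_server_cert() {
    host="$1"
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$host" \
        -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null
    printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:%s\n' "$host" > "$WORK/server.ext"
    openssl x509 -req -in "$WORK/ldap.csr" -days 825 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/server.ext" -out "$WORK/ldap.pem" 2>/dev/null
}

# An unrelated self-signed cert, standing in for a client whose configured
# CA file is not the CA that actually signed the server certificate.
make_unrelated_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj "/CN=Some Other Self-Signed Cert" \
        -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# What a client does with its CA file: succeed only if ldap.pem chains to a
# trust anchor in exactly that file (system CA stores deliberately excluded).
verify_with() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$WORK/ldap.pem" >/dev/null 2>&1
}

# Self-signed means issuer == subject; a CA-issued cert has a different issuer.
is_self_signed() {
    issuer=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$1" | sed 's/^issuer=//')
    subject=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^subject=//')
    [ "$issuer" = "$subject" ]
}

demo() {
    make_ca
    make_server_cert ldap.example.com
    make_unrelated_cert
    verify_with "$WORK/ca.pem"    && echo "client trusting ca.pem:    server cert accepted"
    verify_with "$WORK/other.pem" || echo "client trusting other.pem: server cert rejected"
    # Server side: the three directives from the thread, now pointing at three
    # different files instead of one self-signed ldap.pem.
    cat <<EOF
TLSCertificateFile    $WORK/ldap.pem
TLSCertificateKeyFile $WORK/ldap.key
TLSCACertificateFile  $WORK/ca.pem
EOF
    # Client side (ldap.conf): TLS_CACERT $WORK/ca.pem. Only ca.pem has to be
    # distributed, and one CA can issue the certs for both servers.
}

demo
```

Run it as-is and it prints the two verification outcomes followed by the slapd.conf lines to paste. The client-side counterpart is TLS_CACERT in ldap.conf(5) pointing at ca.pem; once both servers' certs are issued by the same CA, clients need exactly one trust anchor and the two servers no longer differ in how their certs are handled.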