20 May
2011
20 May
'11
10:43 a.m.
On Fri, May 20, 2011 at 6:50 AM, David Dumortier d.dumortier@free.fr wrote: [...]
I generated a self-signed certificate with these options : certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile /etc/ldap/ssl/mycsr.csr
[..]
Here is my slapd conf : olcTLSVerifyClient: demand olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key
CSR = Certificate signing request [1]
# Create a private key and a self-signed certificate (public key inside). $ openssl req -x509 -newkey rsa:2048 -nodes -key Example_CA.key -out Example_CA.cer -days 7305
[1] http://en.wikipedia.org/wiki/Certificate_signing_request
--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net
"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)