On Wednesday, 7 July 2010 23:06:40 Bryan Boone wrote:
Hi everyone. I am kinda a noob to OpenLDAP and SSL for that matter.
I am writing a web page that resides on a special piece of proprietary hardware (not a PC) that I need authentication for (running Linux with Apache server). I would like LDAP to be one of the authentication methods (this hardware will be an LDAP client) when a customer logs into the web page of my device. Of course I need this to support LDAP with SSL.
I went to the OpenLDAP website and found the directions to create the SSL certs, generated them, and installed them in OpenLDAP (3 total). There is the server cert and key, and then the client cert.
You know how when connecting to a https:// website IE, or Firefox will prompt you if you want to accept the SSL certificate (if the cert is not signed by a CA)? Does OpenLDAP provide a mechanism that will accomplish the same thing (automatic client cert acceptance)?
No.
Or will I need to provide a way on my hardware where the customer can manually upload his/her client cert to the device?
If you want SSL cert validation, you must either ship with the CA certs you want, or provide a means to upload a CA cert.
Regards, Buchan
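
Both options in the reply above (ship the CA certs, or let the customer upload one) come down to a trust store the device fills in advance, with no accept-on-first-use prompt. As an added example that is not part of the original thread, this sketch uses Python's standard `ssl` module rather than the OpenLDAP client library to check an uploaded CA certificate and then test it against the LDAPS server; the function names are hypothetical and LDAPS on port 636 is assumed.

```python
import socket
import ssl


def empty_trust_context() -> ssl.SSLContext:
    """TLS client context with an empty trust store.

    PROTOCOL_TLS_CLIENT already sets verify_mode=CERT_REQUIRED and
    check_hostname=True, so nothing is trusted until a CA is loaded.
    """
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def context_for_uploaded_ca(ca_pem: str) -> ssl.SSLContext:
    """Build a context that trusts only the uploaded PEM CA certificate(s).

    Raises ValueError if the upload is empty, is not a PEM certificate,
    or contains no certificate that OpenSSL recognises as a CA.
    """
    ctx = empty_trust_context()
    try:
        ctx.load_verify_locations(cadata=ca_pem)
    except (ssl.SSLError, ValueError, TypeError) as exc:
        raise ValueError(f"upload is not a PEM certificate: {exc}") from exc
    if ctx.cert_store_stats()["x509_ca"] == 0:
        raise ValueError("upload contains no CA certificate")
    return ctx


def check_ldaps_server(host: str, ca_pem: str, port: int = 636,
                       timeout: float = 5.0) -> str:
    """Handshake with the LDAPS server using only the uploaded CA.

    Returns the negotiated TLS version. Raises
    ssl.SSLCertVerificationError if the server certificate does not chain
    to the uploaded CA or does not match `host`.
    """
    ctx = context_for_uploaded_ca(ca_pem)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Running `check_ldaps_server` right after the upload lets the device's web page report a wrong or mismatched CA certificate immediately, instead of at the customer's first failed login.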