On 07/31/2013 11:50 AM, Ulrich Windl wrote:
Hi!
I had the same problem, and I found a solution:
In config, don't use the host name as filename for the certificate/key, but use the service name (like "slapd"). Then (the confusing part), store the server's certificate in that "slapd" file. So even if the file name is the same on every server, the file's contents are different.
I use (SLES11, your paths may vary):
olcTLSCertificateFile: /etc/ssl/servercerts/slapd.pem olcTLSCertificateKeyFile: /etc/ssl/private/slapd.key olcTLSCACertificatePath: /etc/ssl/certs
Here that works fine, but I feel documentation should talk about that also.
Wow that certainly is a solution I did not see coming. Thanks! I think I got it working now :-) IMHO it sounds like a bug to me. Never seen such a requirement for a TLS config.
Thanks again, much appreciated!
Regards, Patrick