Bryan,

 

The method of completing “Does openldap provide a mechanism that will accomplish the same thing (automatic client cert acceptance)?” is to have a real cert authority issue the cert.  They’re pretty nice about it even, at least if you give them money.

 

I /highly/ recommend you read up on SSL certs, differences between self-signed and purchased, etc.

 

Here’s a hint: Self-Signed aren’t trusted anywhere.  Most equipment, browsers, etc, come with a list of trusted providers.

 

Spend a week on SSL/Certs – it’ll be worth your time.

 

- chris

 

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Bryan Boone
Sent: Wednesday, July 07, 2010 3:07 PM
To: openldap-technical@openldap.org
Subject: Question about LDAP and SSL.

 

Hi everyone.  I am kinda a noob to OpenLDAP and SSL for that matter.

 

I am writting a web page that resides on a special piece of proprietary hardware (not a PC) that I need authentication for (running linux with apache server).  I would like LDAP to be one of the authentication methods (this hardware will be a LDAP client) when a customer logs into the web page of my device.  Of course I need this to support LDAP with SSL.

 

I went to the openldap website and found the directions to create and generated the SSL certs and installed them in openLDAP (3 total).  There is the server cert and key, and then the client cert.

 

You know how when connecting to a https:// website IE, or firefox will prompt you if you want to accept the SSL certificate (if the cert is not signed by a CA)?  Does openldap provide a mechanism that will accomplish the same thing (automatic client cert acceptance)?  Or will I need to provide a way on my hardware where the customer can manualy upload his/her client cert to the device?

 

Does that make sense?

 

thanks

 



This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.