On Apr 22, 2013, at 12:40 PM, Rodney Simioni wrote:
Hi, I’ve been tasked to enable ssl/tls on ldap. The server already has a certificate and key file. After looking at documentation, these are the three files that are needed in the ldap.conf file:
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
TLSCACertificateFile /etc/openldap/cacert.pem
I already have the TLSCertificateFile and TLSCertificateKeyFile but I don’t have the TLSCACertificateFile. Is that something I have to generate?
----
if you're willing to accept any old certificate and in fact, not even bother checking certificates then no (TLS_REQCERT never).
if you've been tasked to enable ssl/tls you might actually want to learn how certificates work as this really is not an OpenLDAP question.
Craig
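
Added example, not part of the original thread: a shell check that a server certificate chains to the certificate in the CA file and that the private key belongs to that certificate, which is the relationship a client depends on when certificate checking is left on. The throwaway CA, the host name ldap.example.com and the function names are constructed for the demonstration; only the three file names come from the question.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway CA and one server certificate signed by it.
# File names mirror the question (servercrt.pem, serverkey.pem, cacert.pem).
make_demo_pki() {
    pki_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$pki_dir/cakey.pem" -out "$pki_dir/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.com" \
        -keyout "$pki_dir/serverkey.pem" -out "$pki_dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$pki_dir/server.csr" -days 1 \
        -CA "$pki_dir/cacert.pem" -CAkey "$pki_dir/cakey.pem" -CAcreateserial \
        -out "$pki_dir/servercrt.pem" 2>/dev/null
}

# check_tls_files CERT KEY CAFILE
# Returns 0 if CERT verifies against CAFILE and KEY is CERT's private key,
# 1 if the chain does not verify, 2 if the key does not match.
check_tls_files() {
    cert=$1 key=$2 ca=$3
    # The CA file holds the issuer's certificate; it is obtained from whoever
    # signed the server certificate, not derived from the server files.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "certificate does not chain to $ca"; return 1; }
    # Compare digests of the public key in the certificate and in the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate"; return 2; }
    echo "ok"
}

# Stand-alone run against the constructed files.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_tls_files "$demo/servercrt.pem" "$demo/serverkey.pem" "$demo/cacert.pem"
rm -rf "$demo"
```

With a CA file that passes this check distributed to clients, TLS_REQCERT can stay at a verifying setting rather than never.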