s g sirisha.kmb@gmail.com writes:
Thanks for replying. I was a bit occupied, so I could not back soon. Going by your mail, I went through the certificate generation process again. What I found is that for some reason, the cacert.pem file (which is the certificate for the CA) shows the following - X509v3 extensions: X509v3 Basic Constraints: CA:FALSE I am attaching the steps I followed and the certificate files generated as per the tutorial http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.2.
Did you read the note on top of this paper?
Shouldn't the above field be CA:true? Also, how do I make sure that the flag that you mentioned below gets set to "SSL server".
edit openssl.cnf accordingly, or use tinyCA to create a certificate chain http://tinyca.sm-zone.net/index.html
-Dieter