Hi,
I’m adding SSL to an existing openLDAP server. My certificate is a 2048 bit from Comodo and I need to install both the certificate and the intermediate chain, 5 certificates altogether. I bundled the chain into a single file in the order Comodo lists and in slapd.conf I added:
TLSCACertificateFile /path/to/providerBundle.crt
TLSCertificateFile /path/to/mycert.pem
TLSCertificateKeyFile /path/to/mykey.pem
Then I restarted openLDAP. I have several different browsers to test the SSL connection, and mostly they all worked just fine. However, lbe, a java based browser that I think was originally from Novell, asks me if I want to trust the CA root certificate, which is the first cert in the CA bundle.
So, needless to say, I’m confused. Can anyone help unconfuse me?
Thanks.
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon

> Then I restarted openLDAP. I have several different browsers to test the SSL connection, and mostly they all worked just fine. However, lbe, a java based browser that I think was originally from Novell, asks me if I want to trust the CA root certificate, which is the first cert in the CA bundle.
seems like an lbe problem not an openldap problem.
it sounds like lbe just doesn't have this cert in its default root certificate bundle. Not surprising if it's old software.
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224
openldap-technical@openldap.org
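The situation discussed in this thread can be reproduced offline with a constructed chain. This is an added example, not part of the original messages: the server sends the same bundle in both runs, and only the contents of the client's own trust store decide the outcome. All certificate names, file names and function names are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed chain (root -> intermediate -> server); all names are hypothetical.
# Create a private key and a CSR for subject CN=$2 under the file prefix $1.
mkreq() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build the chain, the server-side bundle and an unrelated root in directory $1.
build_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    mkreq "$d/root" "Constructed Root CA"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null
    mkreq "$d/int" "Constructed Intermediate CA"
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
    mkreq "$d/srv" "ldap.example.test"
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null
    # What the server hands out next to its own certificate (the bundled chain).
    cat "$d/int.crt" "$d/root.crt" > "$d/bundle.crt"
    mkreq "$d/other" "Unrelated Root CA"
    openssl x509 -req -in "$d/other.csr" -signkey "$d/other.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/other.crt" 2>/dev/null
}

# Verify the server certificate the way a client would: $2 is the client's
# trust store; the server-supplied bundle is only untrusted helper material.
client_verify() {
    if openssl verify -CAfile "$2" -untrusted "$1/bundle.crt" "$1/srv.crt" \
        >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}

demo() {
    d=$(mktemp -d) || return 1
    build_chain "$d"
    echo "client store has the root:   $(client_verify "$d" "$d/root.crt")"
    echo "client store lacks the root: $(client_verify "$d" "$d/other.crt")"
    rm -rf "$d"
}
demo
```

A root certificate delivered by the server is never a trust anchor by itself; a client that lacks it locally has to be given it out of band or will prompt or fail.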