Hi,
I am planning a transition of the certificate I use in OpenLDAP for LDAP over SSL (port 636).
My self-signed certificate is quite old and has become obsolete/not recognized on some systems (for example Mac OS 10.11), so it is time to update.
But I have many systems that use LDAP and updating all of them cannot be done at once.
So I was wondering if it is possible to have one single slapd process running with several ports open over SSL, keeping port 636 with the old certificate and opening port 637 with the new certificate.
That way, I can transition the clients at my own pace, not needing to do all at the same time.
I know that I could set up a slave server, but that would not be as transparent, so I'd prefer my idea of having slapd -h "ldaps://192.168.10.1:636/ ldaps://192.168.10.1:637/", each using a different certificate.
Thanks in advance,
Olivier
I know that I could set up a slave server, but that would not be as transparent, so I'd prefer my idea of having slapd -h "ldaps://192.168.10.1:636/ ldaps://192.168.10.1:637/", each using a different certificate.
I did so: I set up two LDAP slave servers (server-new and server-old). On server-old I put the old certificate; on server-new I put the new certificate.
I point the old applications to server-old, and for the other applications I use server-new.
Sincerely, jarbas
openldap-technical@openldap.org