[Fedora-directory-users] TLS for dummies

David Boreham david_list at boreham.org
Fri Dec 9 19:31:01 UTC 2005


>My thinking is that this somehow has something to do with the TLS_CACERT
>in /etc/openldap/ldap.conf (the certificate for the client).
>  
>
In general most folk don't need client certs, but AFAIK the openldap
ldapsearch _requires_ that you present a client cert.

>Would this be the issue?
>  
>
Probably yes. Shouldn't you be using a user-specific ldap.conf for your
client-side config?

>Is there a better method for creating the client certificate from either
>the CA certificate (generated by openssl) or from the FDS Server
>Certificate (also generated by openssl)?
>  
>
Provided the client cert was signed by the same CA as the server cert,
you should be ok. The client cert has no relationship per se with the
server cert.
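
Added example, not part of the original message: the arrangement the reply describes, where one openssl-generated CA signs both a server and a client certificate. `openssl verify` confirms that each chains to that CA and that a certificate issued by a different CA does not. All file names, subject names and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, subject and path below is constructed.
set -eu

# make_ca DIR NAME: self-signed CA certificate (DIR/NAME.pem) and key.
make_ca() {
    # Minimal private config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/req.cnf"
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA NAME: new key and CSR for NAME, signed by CA.
# Call make_ca first: it writes the req.cnf used here.
issue_cert() {
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# chains_to DIR CA CERT: exit status 0 only if CERT verifies against CA.
chains_to() {
    openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d" example-ca
    issue_cert "$d" example-ca ldap-server
    issue_cert "$d" example-ca ldap-client
    # A second, unrelated CA and a client certificate issued by it.
    make_ca "$d" other-ca
    issue_cert "$d" other-ca stray-client
    for c in ldap-server ldap-client stray-client; do
        if chains_to "$d" example-ca "$c"; then echo "$c: chains to example-ca"
        else echo "$c: NOT signed by example-ca"; fi
    done
    rm -rf "$d"
}
demo
```

Running the same `openssl verify -CAfile` check against the real CA file and client certificate shows whether a handshake failure comes from a mismatched issuer.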