[Fedora-directory-users] certificates
Susan
logastellus at yahoo.com
Wed Jan 11 18:36:19 UTC 2006
> > I thought I needed the cacert line in /etc/openldap/ldap.conf to point the
> > ldap client to the CA cert we trust, otherwise we might not trust the
> > server certificate being signed by the CA.
> >
> > Thanks again,
> > Jo
> >
> That's correct, you always need the CA cert on all of the servers and
> clients. (Unless you're using anonymous cipher suites, in which case you
> don't need any certs at all. But that's pretty reckless.)
I have server-side, self-generated, self-signed certs. None of those certs exist on any of the
clients, and all my LDAP traffic is SSL-encrypted over 636, no problem. Is that what you mean by
"anonymous cipher suites"? If so, why is that reckless? I don't really care if the clients
misrepresent themselves; I just care that the server doesn't.
Perhaps I'm not understanding what you are saying...?
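An added example, not part of the original thread: a small check of an OpenLDAP client's ldap.conf text that reports whether the server certificate is actually verified against a trusted CA, which is the point the thread turns on. The function names, finding codes, hostname and CA path are assumptions made for illustration, and the sample configs are constructed.

```python
# Added example: audit OpenLDAP client configuration text (ldap.conf syntax)
# for server-certificate verification. All sample configs are constructed.

NO_ENFORCEMENT = {"never", "allow"}  # session continues even with a bad cert

def parse_ldap_conf(text):
    """Return {OPTION: value}; this parser keeps the last value seen."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def audit(text):
    """Return [(code, message)]; an empty list means the server cert is checked."""
    opts = parse_ldap_conf(text)
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # unset means demand
    if reqcert in NO_ENFORCEMENT:
        return [("REQCERT_WEAK", f"TLS_REQCERT {reqcert}: encrypted, but the "
                 "server certificate is not enforced")]
    findings = []
    if reqcert == "try":
        findings.append(("REQCERT_TRY", "TLS_REQCERT try: a server presenting "
                         "no certificate at all is still accepted"))
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append(("NO_TRUST_ANCHOR", "no TLS_CACERT or TLS_CACERTDIR: "
                         "a self-signed or private-CA cert cannot be validated"))
    return findings

# Constructed samples (hostname and path are placeholders).
VERIFIED = """\
URI ldaps://ldap.example.com
TLS_CACERT /etc/openldap/cacerts/ca.pem
TLS_REQCERT demand
"""
UNVERIFIED = """\
URI ldaps://ldap.example.com
# no CA cert on the client
TLS_REQCERT never
"""
NO_ANCHOR = "URI ldaps://ldap.example.com\n"

if __name__ == "__main__":
    for name, conf in [("VERIFIED", VERIFIED), ("UNVERIFIED", UNVERIFIED), ("NO_ANCHOR", NO_ANCHOR)]:
        print(name, audit(conf) or "server certificate verified against a CA")
```

The check reads a single file's text only; per-user files such as ~/.ldaprc and LDAPTLS_* environment variables can override these settings and are not considered here.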