[Pki-devel] [PATCH] Allow use of secure LDAPS connection
Matthew Harmsen
mharmsen at redhat.com
Fri Mar 13 01:33:25 UTC 2015

Please review the attached patch which addresses the following issue:

  * PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
    <https://fedorahosted.org/pki/ticket/1144>

Using my Fedora 21 laptop, I was able to successfully install and
configure a Directory Server to use LDAPS (documented procedure in
attached 'pkispawn' man page), and was able to use the exported
Directory Server CA certificate to successfully install and configure a
CA using this CA certificate in conjunction with the secure Directory
Server.

I verified that the two servers were speaking TLS by checking
/var/log/dirsrv/slapd-pki/access:

  * TLS1.2 128-bit AES-GCM

Additionally, I successfully installed an OCSP subsystem into this
shared PKI instance.

For the CA, I successfully tested both non-interactive as well as
interactive modes of pkispawn.

Thanks,
-- Matt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20150312-Allow-use-of-secure-LDAPS-connection.patch
Type: text/x-patch
Size: 26472 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150312/b8ef4799/attachment.bin>
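
The access-log check described in the message above can be scripted so that every connection is classified, not just the one that was eyeballed. This is an added example, not part of the original post or the attached patch; the log line layout is an assumption about the Directory Server access log format, and the sample lines are constructed.

```python
import re

# Constructed sample lines in the assumed Directory Server access-log layout.
SAMPLE_LOG = """\
[12/Mar/2015:18:20:01 -0700] conn=1 fd=64 slot=64 SSL connection from 127.0.0.1 to 127.0.0.1
[12/Mar/2015:18:20:01 -0700] conn=1 TLS1.2 128-bit AES-GCM
[12/Mar/2015:18:20:01 -0700] conn=1 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[12/Mar/2015:18:20:05 -0700] conn=2 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
[12/Mar/2015:18:20:05 -0700] conn=2 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[12/Mar/2015:18:20:09 -0700] conn=3 fd=66 slot=66 SSL connection from 127.0.0.1 to 127.0.0.1
[12/Mar/2015:18:20:09 -0700] conn=3 op=-1 fd=66 closed - Encountered end of file.
"""

# Connection-open line; "SSL " is present when the client used the LDAPS port.
OPEN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from ")
# Negotiated-protocol line, e.g. "conn=1 TLS1.2 128-bit AES-GCM".
CIPHER_RE = re.compile(r"conn=(\d+) ((?:TLS|SSL)\S*) (\d+)-bit (\S+)")


def audit(log_text, min_bits=128):
    """Return {conn_id: verdict} for every connection seen in the log text."""
    conns = {}
    for line in log_text.splitlines():
        opened = OPEN_RE.search(line)
        cipher = CIPHER_RE.search(line)
        if opened:
            c = conns.setdefault(opened.group(1), {"ldaps": False, "bits": None})
            c["ldaps"] = bool(opened.group(2))
        elif cipher:
            # setdefault covers logs that were rotated after the open line.
            c = conns.setdefault(cipher.group(1), {"ldaps": False, "bits": None})
            c["bits"] = int(cipher.group(3))
    verdicts = {}
    for cid, c in conns.items():
        if c["bits"] is None:
            # LDAPS port but no cipher line: handshake never completed,
            # which is what an untrusted CA certificate would look like.
            verdicts[cid] = "no-handshake" if c["ldaps"] else "plaintext"
        else:
            verdicts[cid] = "tls" if c["bits"] >= min_bits else "weak"
    return verdicts


if __name__ == "__main__":
    for cid, verdict in audit(SAMPLE_LOG).items():
        print(f"conn={cid}: {verdict}")
```
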