[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nssldap
Subject:    Re: [nssldap] tls and nss_ldap
From:       Andreas Hasenack <andreas () conectiva ! com ! br>
Date:       2001-12-23 15:50:33
[Download RAW message or body]

Em Wed, Dec 05, 2001 at 04:05:11PM -0500, David Krovich escreveu:
> 	I guess the thing I'm least sure about is the certificate signing.  If

You can use this to create a self-signed certificate:
openssl req -new -x509 -nodes -out server.crt -keyout server.key

Answer with your hostname's fqdn to the common name question.
Check the TLS* configuration directives in slapd.conf and make
them point to these files you just generated. You should then have
start-tls capability when restarting the ldap server.

Another hint: you *have* to use the fqdn when accessing the ldap
server via tls/ssl, it has to be the same name as the one in the
certificate.

[prev in list] [next in list] [prev in thread] [next in thread]