On Fri, May 20, 2011 at 6:50 AM, David Dumortier <[email protected]> wrote: [...] > I generated a self-signed certificate with these options : > certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key > certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile > /etc/ldap/ssl/mycsr.csr [..] > Here is my slapd conf : > olcTLSVerifyClient: demand > olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr > olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key >
CSR = Certificate signing request [1] # Create a private key and a self-signed certificate (public key inside). $ openssl req -x509 -newkey rsa:2048 -nodes -key Example_CA.key -out Example_CA.cer -days 7305 [1] http://en.wikipedia.org/wiki/Certificate_signing_request -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net "While not fully understand a software, don't try to adapt this software to the way you work, but rather yourself to the way the software works" (myself)
