Hello,

On Fri, May 20 2011 at 02:43:46 -0300, Reinaldo de Carvalho wrote:
> On Fri, May 20, 2011 at 6:50 AM, David Dumortier <[email protected]> wrote:
> [...]
> > I generated a self-signed certificate with these options :
> > certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key
> > certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile /etc/ldap/ssl/mycsr.csr
> [..]
> > Here is my slapd conf :
> > olcTLSVerifyClient: demand
> > olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr
> > olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key
> >
>
> CSR = Certificate signing request [1]
>
> # Create a private key and a self-signed certificate (public key inside).
> $ openssl req -x509 -newkey rsa:2048 -nodes -keyout Example_CA.key -out Example_CA.cer -days 7305

As I mentioned, it is a gnutls version of slapd (Debian specific compilation).
As far as I know (I'm not an expert in certificates), the certtool option is
--generate-self-signed to obtain the same result as your command.
I start to believe I'll have to compile my own version of openldap with openSSL support :-)

> [1] http://en.wikipedia.org/wiki/Certificate_signing_request

Thank you for the pointer, I understand certificates a little more.

> --
> Reinaldo de Carvalho
> http://korreio.sf.net
> http://python-cyrus.sf.net
>
> "While not fully understand a software, don't try to adapt this
> software to the way you work, but rather yourself to the way the
> software works" (myself)

Wise sentence :-)

--
David Dumortier
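
The configuration quoted in this message points olcTLSCertificateFile at a certificate signing request rather than a certificate. The following added example (not from either poster; the function names are hypothetical and the stub PEM files are constructed) flags that mismatch by reading the PEM label of each file the TLS attributes reference.

```shell
#!/bin/sh
# Added example (not from the thread): check that slapd's TLS attributes point at
# the right kind of PEM file. Only the PEM label is read, not the file's validity.

# pem_kind FILE: print the kind of the first PEM block found in FILE.
pem_kind() {
    [ -r "$1" ] || { echo unknown; return 0; }
    label=$(sed -n '/^-----BEGIN \(.*\)-----$/{s//\1/p;q;}' "$1")
    case "$label" in
        CERTIFICATE) echo certificate ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        *"PRIVATE KEY") echo private-key ;;
        *) echo unknown ;;
    esac
}

# check_slapd_tls LDIF: print one line per mismatch, return 1 if any was found.
check_slapd_tls() {
    bad=0
    while read -r attr path; do
        case "$attr" in
            olcTLSCertificateFile:|olcTLSCACertificateFile:) want=certificate ;;
            olcTLSCertificateKeyFile:) want=private-key ;;
            *) continue ;;
        esac
        got=$(pem_kind "$path")
        if [ "$got" != "$want" ]; then
            echo "${attr%:} $path: expected $want, found $got"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# demo: constructed stub files reproducing the configuration quoted above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN NEW CERTIFICATE REQUEST-----' 'stub' \
        '-----END NEW CERTIFICATE REQUEST-----' > "$d/mycsr.csr"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'stub' \
        '-----END RSA PRIVATE KEY-----' > "$d/mykey.key"
    printf '%s\n' 'olcTLSVerifyClient: demand' \
        "olcTLSCertificateFile: $d/mycsr.csr" \
        "olcTLSCertificateKeyFile: $d/mykey.key" > "$d/tls.ldif"
    check_slapd_tls "$d/tls.ldif"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

Calling `check_slapd_tls` on an LDIF export of the server's own TLS attributes applies the same check to a real configuration.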
