certificate issue with ldaps

2006-12-28 Thread [EMAIL PROTECTED]
Hi, I'm using openldap as an ldap proxy to another ldap server. I'd like to get an ldaps connection between these 2 servers. So, I configured ldap.conf like this:
TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem
TLS_REQCERT demand
My issue is that the ssl connection still works if I comment the line

Re: certificate issue with ldaps

2006-12-29 Thread Rafal (sxat)
>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem
>TLS_REQCERT demand
>My issue is that the ssl connection still works if I comment the line with
>TLS_CACERT /usr/local/etc/raddb/RTFE/conca.pem.
>and it should not because without this certificate authority my openldap proxy should not be able to
>che

Re: certificate issue with ldaps

2006-12-29 Thread Owen DeLong
Small correction: TLS_CACERT must be the certificate from a ROOT Certificate Authority or a Certificate Authority certification signed by a known parent CA. CA means "Certificate Authority". There can be multiple levels of Certificate authority. Every certificate has an Issuer (Certificate

Re: certificate issue with ldaps

2006-12-29 Thread [EMAIL PROTECTED]
To: openldap-software@openldap.org
> Subject: Re: certificate issue with ldaps
>
> Small correction:
>
> TLS_CACERT must be the certificate from a ROOT Certificate Authority or
> a Certificate Authority certification signed by a known parent CA. CA
> means "Certificate Authority