Does anyone possibly have an answer to these questions? I'm quite
stumped at the moment, and would love to try and get this fully working.
Date: Thu, 17 Nov 2005 10:09:45 -0600
From: Michael Montgomery <mmontgomery(a)theplanet.com>
Subject: Re: Re: [Fedora-directory-users] ssl client authentication
Thank you very much for your response. I just have a couple more
questions so I can be sure I know what I'm talking about.
> the directory server (your SSL server) replies with the certificate chain which
> the CA certificate, and the self-signed SSL certificate."
I'm assuming the 'self-signed SSL certificate' is the client's ssl
certificate I imported into the SSL server's store, and NOT the server's
own client certificate?
> you should have the SSL certificate imported into your SSL client's security
> and it should be marked as trusted (i.e -t "CT,CT,CT").
Is there any documentation on how to do this with a RHEL4 server? The
only things that come to mind are the openssl dirs '/usr/share/ssl/*',
and possibly installing the certutil package on this machine...(but how
would the ldap.conf file reference this, and even know about it... I'm
curious about integration)
> Another way to do this is to sign your SSL server certificate with your self-signed
> certificate, and import your CA certificate into your SSL client's security
I'm assuming you're talking about this option to Sign/Validate a
    -V                Validate a certificate
       -n cert-name   The nickname of the cert to Validate
       -b time        validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]")
       -e             Check certificate signature
       -u certusage   Specify certificate usage:
                          C    SSL Client
                          V    SSL Server
                          S    Email signer
                          R    Email Recipient
       -d certdir     Cert database directory (default is ~/.netscape)
       -P dbprefix    Cert & Key database prefix
       -X             force the database to open R/W
But then there's still the above question of how to import it into
Once again, thank you very much for your answers up to this point, as
they were quite helpful.