Adding Chained CA certificate on /etc/ssl/certinfo.ldif file

ram ajay

12/1/23, 11:55 AM

I have been created following files for my LDAP server using certtool. 1.root.pem 2.ldap_crt.pem 3.ldap_key.pem

Above created files has been configured in the /etc/ssl/certinfo.ldif file like mentioned below.

olcTLSCACertificateFile: /etc/ldap/ssl/root.pem
olcTLSCertificateFile: /etc/ldap/ssl/ldap_crt.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap_key.pem

As of this everything is working fine for me with ssl and startTLS.

Now I have created intermediate CA file.

Question 1 - Could any one help me here for configuring the intermediate CA in to /etc/ssl/certinfo.ldif file.

Question 2 - Do we need to add specific entry for root CA as well as intermediate CA or any one of the CA certificate itself is fine.

101

1 + 0

openldap

ldap

self-signed-certificate

Score:0

Server

Michael Ströder

12/10/23, 12:40 PM

OpenLDAP does not have a separate configuration parameter for specifying intermediate CA certificate(s).

You either append the chain to the file referenced by olcTLSCertificateFile or prepend it to the file referenced by olcTLSCACertificateFile.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Adding Chained CA certificate on /etc/ssl/certinfo.ldif file

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.