Score:1

Adding Chained CA certificate on /etc/ssl/certinfo.ldif file


I have created the following files for my LDAP server using certtool: 1. root.pem 2. ldap_crt.pem 3. ldap_key.pem

The files created above have been configured in the /etc/ssl/certinfo.ldif file as shown below.

olcTLSCACertificateFile: /etc/ldap/ssl/root.pem
olcTLSCertificateFile: /etc/ldap/ssl/ldap_crt.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap_key.pem

With this, everything is working fine for me with SSL and StartTLS.

Now I have created an intermediate CA file.

Question 1 - Could anyone help me configure the intermediate CA in the /etc/ssl/certinfo.ldif file?

Question 2 - Do we need to add a specific entry for the root CA as well as the intermediate CA, or is any one of the CA certificates by itself fine?

Score:0

OpenLDAP does not have a separate configuration parameter for specifying intermediate CA certificate(s).

You either append the chain to the file referenced by olcTLSCertificateFile or prepend it to the file referenced by olcTLSCACertificateFile.
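
Both options from the answer above, as an added shell example that is not part of the original answer. It assumes the intermediate CA is saved as intermediate.pem beside the files from the question; the output names ldap_chain.pem, ca_bundle.pem and chain.ldif are made up for illustration.

```shell
#!/bin/sh
# Added example. intermediate.pem, ldap_chain.pem, ca_bundle.pem and chain.ldif
# are assumed file names; the other paths are the ones used in the question.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# concat_pem OUT IN...: join PEM files in the given order.
# awk re-terminates every line, so an input without a final newline cannot
# fuse its END marker with the next file's BEGIN marker.
concat_pem() {
    out=$1; shift
    for f in "$@"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    for f in "$@"; do awk '{ print }' "$f"; done > "$out"
}

# Option 1: append the chain to the server certificate (leaf first).
build_server_chain() { concat_pem "$3" "$1" "$2"; }   # LEAF INTERMEDIATE OUT

# Option 2: prepend the intermediate to the CA file (intermediate first).
build_ca_bundle() { concat_pem "$3" "$1" "$2"; }      # INTERMEDIATE ROOT OUT

# emit_ldif ATTRIBUTE PATH: LDIF that repoints one olcTLS* attribute.
emit_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: %s\n%s: %s\n' "$1" "$1" "$2"
}

# Typical use for option 1 (run as root on the LDAP server):
#   cd /etc/ldap/ssl
#   build_server_chain ldap_crt.pem intermediate.pem ldap_chain.pem
#   count_certs ldap_chain.pem        # expect 2: server cert + intermediate
#   emit_ldif olcTLSCertificateFile /etc/ldap/ssl/ldap_chain.pem > chain.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f chain.ldif
```

Only one of the two options is needed. Whichever file is rebuilt, the key file and the remaining olcTLS* attributes from the question stay as they are.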
