Hi Folks,

One of the things that made it exceedingly difficult to get LDAPS running on FC4 (at least for me) was that the openssl version on FC4 was "out of sync" with the LDAP How-To instructions explaining how to create a self-signed certificate so that LDAP SSL can be made to work. In the many online LDAP setup instructions I have seen, the most common ones seem to refer to the CA.sh file, such as the link provided below:

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#6.1

But the version of openssl on FC4 does not have this directory:

/usr/share/ssl

nor does:

/usr/share/ssl/misc/CA.sh

exist. I also noted that openssl in FC4 now uses the /etc/pki directory instead of /etc/ssl (but I do see a /etc/ssh directory but is this the same as /etc/pki?) but otherwise is different from the openssl version used in FC3/2/1? Perhaps this is not surprising, but it does make it a bit difficult to keep up with the changing trends.

So can anyone explain what the procedure is for creating a self-signed certificate, and how to properly set up LDAP for SSL/TLS support at the client and server side? The link provided above talks about client-side certificates, but it seems rather vague since it is not clear how exactly a client certificate should be created or if client certificates have to be copied to other systems for which users will need to have in order to successfully use the LDAPS server.

Finally, does anyone supply their own CA, avoiding "trusted" CA sites such as Verisign/Thawte, etc.? Are there really any serious problems or risks in not using them as a trusted CA source?

Thanks!
Dan