Symas OpenLDAP Knowledge Base

Security Certificates

Certificates

OpenSSL Wiki

  • Formats
  • When to use what
  • Global Add/Remove (cn=config)
  • Global Add/Remove (slapd.conf)

Global Configuration Parameters

See: TLS OPTIONS cn=config slapd.conf

TLSCACertificateFile | olcTLSCACertificateFile

TLSCACertificatePath | olcTLSCACertificatePath

TLSCertificateFile | olcTLSCertificateFile

TLSCertificateKeyFile | olcTLSCertificateKeyFile

TLSCipherSuite | olcTLSCipherSuite

TLSCRLCheck | olcTLSCRLCheck

TLSCRLFile | olcTLSCRLFile

TLSRandFile | olcTLSRandFile

TLSVerifyClient | olcTLSVerifyClient

TLSDHParamFile | olcTLSDHParamFile

TLSProtocolMin | olcTLSProtocolMin

Certificate Testing

  • Expiration Check
  • Subject/subjectAltName Check
  • s_client Check (incl.¬†starttls note)
  • Add TLSVerifyClient Blurb