1

I have created the following files for my LDAP server using certtool:

1. root.pem
2. ldap_crt.pem
3. ldap_key.pem

The files created above have been configured in the /etc/ssl/certinfo.ldif file as shown below.

olcTLSCACertificateFile: /etc/ldap/ssl/root.pem
olcTLSCertificateFile: /etc/ldap/ssl/ldap_crt.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap_key.pem

As of now, everything is working fine for me with SSL and StartTLS.

Now I have created an intermediate CA file.

Question 1 - Could anyone help me with configuring the intermediate CA in the /etc/ssl/certinfo.ldif file?

Question 2 - Do we need to add a specific entry for the root CA as well as the intermediate CA, or is any one of the CA certificates by itself fine?

ram ajay

1 Answer

0

OpenLDAP does not have a separate configuration parameter for specifying intermediate CA certificate(s).

You either append the chain to the file referenced by olcTLSCertificateFile or prepend it to the file referenced by olcTLSCACertificateFile.
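
The two options above, as an added example that is not part of the original answer: it builds a throwaway root, intermediate and server certificate with the `openssl` CLI (the question used certtool), assembles both file layouts, and checks that the server certificate chains to the root. The CA names, `ldap_chain.pem`, `ca_bundle.pem` and the helper functions are assumptions; `openssl verify` checks the files only, not a running slapd.

```shell
#!/bin/sh
# Added example. Throwaway test PKI; file names follow the question where possible.

# csr PREFIX CN: new key (PREFIX_key.pem) and CSR (PREFIX.csr).
csr() { openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "${1}_key.pem" -out "${1}.csr" 2>/dev/null; }

# sign CSR CERT ARGS...: issue CERT from CSR; ARGS select issuer and extensions.
sign() { src=$1; dst=$2; shift 2
    openssl x509 -req -in "$src" -out "$dst" -days 2 "$@" 2>/dev/null; }

# make_pki DIR: root CA -> intermediate CA -> LDAP server certificate.
make_pki() { d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    csr "$d/root" "Example Root CA" &&
    sign "$d/root.csr" "$d/root.pem" -signkey "$d/root_key.pem" -extfile "$d/ca.ext" &&
    csr "$d/intermediate" "Example Intermediate CA" &&
    sign "$d/intermediate.csr" "$d/intermediate.pem" -CA "$d/root.pem" \
         -CAkey "$d/root_key.pem" -CAcreateserial -extfile "$d/ca.ext" &&
    csr "$d/ldap" "ldap.example.test" &&
    sign "$d/ldap.csr" "$d/ldap_crt.pem" -CA "$d/intermediate.pem" \
         -CAkey "$d/intermediate_key.pem" -CAcreateserial
}

# build_bundles DIR: the two layouts described in the answer.
build_bundles() { d=$1
    # Option 1: server cert first, intermediate appended (olcTLSCertificateFile).
    cat "$d/ldap_crt.pem" "$d/intermediate.pem" > "$d/ldap_chain.pem"
    # Option 2: intermediate prepended to the root (olcTLSCACertificateFile).
    cat "$d/intermediate.pem" "$d/root.pem" > "$d/ca_bundle.pem"
}

# verify_leaf CAFILE LEAF [UNTRUSTED_CHAIN]: exit 0 if LEAF chains to CAFILE.
verify_leaf() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Demo: with only the root trusted, the leaf verifies only once the chain is supplied.
dir=$(mktemp -d) && make_pki "$dir" && build_bundles "$dir" || exit 1
verify_leaf "$dir/root.pem" "$dir/ldap_crt.pem" || echo "root only: no path to leaf"
verify_leaf "$dir/root.pem" "$dir/ldap_crt.pem" "$dir/ldap_chain.pem" && echo "option 1 OK"
verify_leaf "$dir/ca_bundle.pem" "$dir/ldap_crt.pem" && echo "option 2 OK"
```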