Hi,

On 06.05.2016 at 18:38, Darin Perusich wrote:
/etc/ssl/certs is deprecated and is now a softlink to /var/lib/ca-certificates/pem, updates will not clobber any files you place underneath it. CA certificates should be placed under /etc/pki/trust/anchors. I've always dropped both my cert (mode 0644) and key (mode 0600), owned by root, into /etc/ssl/certs or /var/lib/ca-certificates/pem.
Are you requiring client certificates for connecting to your LDAP server? Otherwise I don't see why you'd need a client cert & key on the client hosts. If you're not requiring client certs then the only requirement for LDAPS would be installing and trusting the CA certificate that signed the LDAP server's keypair on any system/service connecting to LDAPS.
I am the LDAP server in that case. I mean I could just always mimic what YaST's CA management does and create /etc/ssl/servercerts, which is not touched by anything. I just wasn't sure if that is really the right way. (I know there are a thousand ways anyway.)

Wolfgang