Security Certificates
Certificates
- Formats
- When to use what
- Global Add/Remove (cn=config)
- Global Add/Remove (slapd.conf)
Global Configuration Parameters
See: TLS OPTIONS cn=config slapd.conf
TLSCACertificateFile | olcTLSCACertificateFile
TLSCACertificatePath | olcTLSCACertificatePath
TLSCertificateFile | olcTLSCertificateFile
TLSCertificateKeyFile | olcTLSCertificateKeyFile
TLSCipherSuite | olcTLSCipherSuite
TLSCRLCheck | olcTLSCRLCheck
TLSCRLFile | olcTLSCRLFile
TLSRandFile | olcTLSRandFile
TLSVerifyClient | olcTLSVerifyClient
TLSDHParamFile | olcTLSDHParamFile
TLSProtocolMin | olcTLSProtocolMin
Certificate Testing
- Expiration Check
- Subject/subjectAltName Check
- s_client Check (incl. starttls note)
- Add TLSVerifyClient Blurb