How can I configure TLS/SSL for OpenLDAP 2.2x server?
After obtaining the required certificates, a number of options must be configured on both the client and the server to enable TLS and make use of the certificates. At a minimum, the clients must be configured with the filename containing all of the Certificate Authority (CA) certificates it will trust. The server must be configured with the CA certificates and also its own server certificate and private key. Typically a single CA will have issued the server certificate and all of the trusted client certificates, so the server only needs to trust that one signing CA. However, a client may wish to connect to a variety of secure servers managed by different organizations, with server certificates generated by many different CAs. As such, a client is likely to need a list of many different trusted CAs in its configuration.

Server Configuration

The configuration directives for slapd belong in the global directives section of slapd.conf(5):

• TLSCACertificateFile
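The server- and client-side settings the answer describes, written out as an added example (not part of the original answer or the OpenLDAP documentation); the file paths, the CA bundle name and the choice to demand client certificates are assumptions for illustration:

```conf
# --- slapd.conf (server side): global directives section, before any "database" line ---
# Example paths are assumed; adjust to where your certificates are stored.

# Bundle of CA certificates the server trusts. With one signing CA for the
# server certificate and all client certificates, this holds just that CA.
TLSCACertificateFile   /etc/openldap/certs/ca-bundle.pem

# The server's own certificate and the private key that matches it.
# The key file must be readable only by the slapd user.
TLSCertificateFile     /etc/openldap/certs/ldap-server.crt
TLSCertificateKeyFile  /etc/openldap/certs/ldap-server.key

# Require clients to present a certificate issued by a trusted CA.
# Use "never" if clients authenticate by simple bind over TLS instead,
# "allow"/"try" to accept but not require a client certificate.
TLSVerifyClient        demand

# --- ldap.conf (client side): the client's list of trusted CAs ---
# A client talking to servers run by different organizations puts every
# CA it trusts into this one bundle file (or uses TLS_CACERTDIR).
TLS_CACERT             /etc/openldap/certs/trusted-cas.pem

# Refuse to continue if the server certificate cannot be verified.
TLS_REQCERT            demand
```

Run slaptest(8) after editing slapd.conf to check the directives are parsed, and check that the private key's permissions exclude everyone but the slapd user.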