-
Título
How do we specify an Intermediate CA when configuring a custom SSL certificate for the LDAP Bridge? -
Descripción
It is recommended to replace the included SSL certificates with custom certificates. The included certificate is a very simple configuration, with a Root Certificate Authority (CA) and the Server Certificate. It is common that purchased certificates will have a more complicated certificate chain structure. -
Resolución
The full certificate chain must be present, including the Root CA, all intermediate CA's, and the Server Certificate.
Intermediate CA's need to be stored in the same file as the Root Certificate.
The sample installDirectory/conf/systemName/slapd.conf configuration file is as follows:
####################################################
# SSL/TLS options.
####################################################
TLSRandFile %logdir%/entropy.rnd
TLSCACertificateFile %confdir%/certs/ca_cert.pem
TLSCertificateFile %confdir%/certs/server_cert.pem
TLSCertificateKeyFile %confdir%/certs/server_key.pem
TLSCipherSuite HIGH:MEDIUM:+sslv2:RSA
TLSVerifyClient try
TLSCRLCheck peerSo, the ca_cert.pem file would need to contain the Root Certificate and all Intermediate Certificates.