--- Alex aka Magobin <magobin(a)gmail.com> wrote:
On gio, 2006-03-23 at 08:43 -0800, Susan wrote:
> This is what I did to get ssl repl working:
>
> 1. generate a single CA certificate and use that to sign both the supplier and
consumer
> certificates. Each server doesn't need its own CA.
>
> on the consumer:
>
Thank you Susan for your reply...two question 4 you if possible:
1) This procedure..similar to (Chapter 8 in Administration Guide)...but
you have to create cert db before
yes, cert db must exist, for a cert to be exported out of it :)
2) To make secure replication...I have to enable ssl on DS...in this
case...is still possible to query LDAP on port 389 ??
yes. One way to disable it is to set the ldap port to 0, FDS will then say on startup
that non
secure access has been disabled, proceeding. That will break the console access, however.
I
haven't been able to turn off non-ssl access AND still be able to use the console.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com