ITS#9934 slapd-config(5) add new TLS cert/key settings

Howard Chu 2025-03-25 16:32:12 +00:00 committed by Quanah Gibson-Mount
parent f8f0fa4799
commit e5d841f46d

@ -954,6 +954,13 @@ or the olcTLSCACertificateFile is defined. If both are specified, both
locations will be used. Multiple directories may be specified,
separated by a semi-colon.
.TP
.B olcTLSCACertificate: <CA cert>
Stores a single CA certificate that will be trusted by the server, in DER format.
If this option is set, the \fBolcTLSCACertificateFile\fP and
\fBolcTLSCACertificatePath\fP options are ignored. If multiple
CA certificates are required, the \fBolcTLSCACertificateFile\fP
or \fBolcTLSCACertificatePath\fP options must be used instead of this option.
.TP
.B olcTLSCertificateFile: <filename>
Specifies the file that contains the
.B slapd
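Review bot: The new olcTLSCACertificate entry says olcTLSCACertificateFile and olcTLSCACertificatePath are ignored when it is set, but the unchanged olcTLSCACertificatePath text just above still reads "If both are specified, both locations will be used" with no mention of this override. An administrator who reads only the Path or File entry will not learn that a single inline CA silently replaces the whole trust store they configured there. Suggest adding a sentence to the File and Path entries pointing at olcTLSCACertificate and its precedence. The entry also gives the format as DER without saying how the binary value is to be supplied in the config entry; one sentence on that would help.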
@ -962,17 +969,24 @@ server certificate.
When using OpenSSL that file may also contain any number of intermediate
certificates after the server certificate.
.TP
.B olcTLSCertificate: <cert>
Stores a single certificate for the server, in DER format. If this option is
used, the \fBolcTLSCertificateFile\fP option is ignored.
.TP
.B olcTLSCertificateKeyFile: <filename>
Specifies the file that contains the
.B slapd
server private key that matches the certificate stored in the
.B olcTLSCertificateFile
file. If the private key is protected with a password, the password must
server private key that matches the specified server certificate.
If the private key file is protected with a password, the password must
be manually typed in when slapd starts. Usually the private key is not
protected with a password, to allow slapd to start without manual
intervention, so
it is of critical importance that the file is protected carefully.
.TP
.B olcTLSCertificateKey <key>
Stores the private key that matches the server certificate. If this option is
used, the \fBolcTLSCertificateKeyFile\fP option is ignored.
.TP
.B olcTLSDHParamFile: <filename>
This directive specifies the file that contains parameters for Diffie-Hellman
ephemeral key exchange. This is required in order to use a DSA certificate on
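Review bot: The ".B olcTLSCertificateKey <key>" line is missing the colon after the attribute name that every neighbouring entry has (".B olcTLSCertificate: <cert>", ".B olcTLSCertificateKeyFile: <filename>"), and unlike the two certificate entries it does not state the expected format of the key. More importantly for operators, the olcTLSCertificateKeyFile text keeps its warning that "it is of critical importance that the file is protected carefully", but the new entry, which puts the private key into the configuration itself, carries no equivalent caution. Suggest adding a sentence that the configuration database and any exports or backups of it then hold the private key and need to be protected and access-controlled accordingly. It would also be worth saying whether a password-protected key is supported in this form, since the reworded KeyFile paragraph only covers the password prompt for the file case.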