If you set up your own CA, you might notice that not all applications support your new, self-signed certificate out of the box. One example I like to show here is Apache AuthLDAP.
- installed your certificates in /etc/ssl/certs/
- run c_rehash
Insert the following line into /etc/ldap.conf:
…and the following lines in /etc/openldap/ldap.conf:
TLS_CACERTDIR /etc/ssl/certs/
TLS_REQCERT allow
To test whether everything works as expected, run the following command (substitute your own options); -ZZ makes ldapsearch require the StartTLS operation to succeed:
ldapsearch -ZZ -x uid=foo -b dc=example,dc=com
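
An added example, not from the original post: a small shell audit of the client settings above. It checks that the TLS_CACERTDIR directory contains hash links of the kind c_rehash creates, and reports whether TLS_REQCERT rejects a bad server certificate; per ldap.conf(5), allow lets the session proceed even when the certificate fails validation, while demand (the default) terminates it. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit OpenLDAP client TLS settings.

# Print every value set for option $1 in file $2. Option names are
# case-insensitive in ldap.conf; commented-out lines never match.
conf_values() {
    awk -v opt="$1" 'tolower($1) == tolower(opt) { print $2 }' "$2"
}

# "unverified" if any TLS_REQCERT line says never or allow (a bad server
# certificate is ignored); otherwise "verified". try, demand and hard all
# terminate the session on a bad certificate, and demand is the default.
reqcert_status() {
    for v in $(conf_values TLS_REQCERT "$1" | tr 'A-Z' 'a-z'); do
        case "$v" in
            never|allow) echo unverified; return 0 ;;
        esac
    done
    echo verified
}

# Succeed if directory $1 holds at least one OpenSSL hash link, i.e. a
# name such as 0123abcd.0 of the kind c_rehash creates.
has_hash_links() {
    ls "$1" 2>/dev/null | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'
}

# Audit ldap.conf file $1 and print one finding per line.
audit_ldap_conf() {
    dirs=$(conf_values TLS_CACERTDIR "$1")
    [ -n "$dirs" ] || echo "cacertdir: not set"
    for d in $dirs; do
        if has_hash_links "$d"; then
            echo "cacertdir: ok $d"
        else
            echo "cacertdir: no hash links in $d (run c_rehash)"
        fi
    done
    echo "reqcert: $(reqcert_status "$1")"
}

# Constructed sample: the two settings from the post plus one fake hash link.
demo=$(mktemp -d)
mkdir "$demo/certs" && : > "$demo/certs/0123abcd.0"
printf 'TLS_CACERTDIR %s\nTLS_REQCERT allow\n' "$demo/certs" > "$demo/ldap.conf"
audit_ldap_conf "$demo/ldap.conf"
rm -rf "$demo"
```

With TLS_REQCERT allow, the ldapsearch test succeeds even when the CA directory is wrong, so a passing test does not show that the CA is trusted. Re-running it with TLS_REQCERT demand confirms that the certificate chain actually validates against /etc/ssl/certs/.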