OpenLDAP TLS with wildcard domain certs
After the last post on the OpenLDAP trouble I had, I’ve continued trying new things with it and can confirm that wildcard domain certificates do succeed with OpenLDAP.
When creating the certificate request, enter e.g. *.example.com in the Common Name field; you can then use that one certificate on all servers that fall within that domain.
BIG WARNING! This is very dangerous if the keys are not secured properly. If somebody compromises one key, they have compromised all of the services on all the machines that use the same key! So make sure you really want to do this, have the file permissions set correctly and are prepared for the consequences.
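As an added example (not code from the original post), the following Python shows which host names a wildcard name such as *.example.com actually covers, following the RFC 6125 matching rules most TLS clients apply, and checks that the private key shared across servers is not world-readable. The key path and extra hostnames used to exercise it are constructed.

```python
import os
import stat


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if hostname is covered by the certificate name pattern.

    Rules per RFC 6125 section 6.4.3, as common TLS clients enforce them:
      * comparison is case-insensitive;
      * without a wildcard the names must be identical;
      * the wildcard must be the entire left-most label ("*.example.com",
        not "ldap*.example.com" or "*.*.example.com");
      * it matches exactly one label, so "*.example.com" covers
        "ldap1.example.com" but not "example.com" or "a.b.example.com";
      * at least two fixed labels must remain ("*.com" is refused).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False  # wildcard must be the whole left-most label, once
    if len(p_labels) < 3:
        return False  # refuse "*.com" style patterns
    if len(h_labels) != len(p_labels):
        return False  # the wildcard stands in for exactly one label
    return h_labels[1:] == p_labels[1:]


def key_file_is_private(path: str, allow_group: bool = True) -> bool:
    """True if path is a regular file that is not world-readable/writable.

    Group access is tolerated by default so the LDAP daemon's group can
    read the key; pass allow_group=False to insist on owner-only access.
    """
    try:
        st = os.stat(path)
    except OSError:
        return False  # missing or unreadable: treat as not safe
    if not stat.S_ISREG(st.st_mode):
        return False
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        return False
    return allow_group or not mode & (stat.S_IRGRP | stat.S_IWGRP)
```

Run key_file_is_private against the key path configured in slapd on each server that shares the wildcard certificate; a False result means the shared key is exposed on that host.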
Notes on ubuntu-8.10-serverguide-openldap
After deciding to learn to set up OpenLDAP yesterday, I realised it was more than a day's work, and that the documentation I thought was going to be the most suited to my platform left a lot of holes for the beginner. I also had a Firefox window with all the sites I used as a reference open in tabs, but then decided to print out some colouring pictures for the kids and one site kept crashing Firefox (and ruined my day). So no citing references, sorry; most of this information was only grepped from Google eventually anyway.
The openldap-server guide does try to take you from woe to go fairly well, and the following notes are just extra things that would have been handy to know or were needed to continue.
