(RADIATOR) SSLCAClientKey

Ryan Moore ryan at hampshire.edu
Mon Apr 11 07:39:27 CDT 2005


Thanks to a lot of informative posts on this list, I'm close to a 
LEAP/Cisco WAP/OpenLDAP setup. One last thing (I hope)...I'm having some 
problems with the Radiator doc. Specifically the LDAP AuthBy SSL section.

------->    # Name of the client certificate file:
------->    SSLCAClientCert /path/to/client/certificate.pem

Okay, so this isn't really the "client cert" right? This is the server 
cert copied locally to the Radiator server and is the cert for the LDAP 
server's public key. I think.

------->    # Name of the file containing the client private key
------->    SSLCAClientKey /path/to/client/keyfile.pem

Uh.....what's this for?  Shouldn't Radiator just need the LDAP CA 
certificate and the server cert? Surely this can't refer to the LDAP 
server's private key. I can do LDAPsearch now using TLS just fine, and 
all it needs is the CA cert.

------->    # only need to set one of the following
------->    #SSLCAPath /path/to/CA/cert/dir
------->    SSLCAFile /path/to/file/containing/certificate/of/CA.pem

Why are there two different parameters here? Can the SSLCAPath refer to 
an HTTP folder on the CA server? This isn't really important to me, I've 
already copied the CA cert locally and can point to it.

I feel like there is something really obvious I'm missing here, so I'll 
welcome any flaming.

- Ryan

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

