X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fguide%2Fadmin%2Ftls.sdf;h=65878911c345511b1542e614ed6d5a865196f279;hb=59e9ff6243465640956b58ad1756a3ede53eca7c;hp=358c24398e0d91e5f955c4f611cba0054c8486aa;hpb=be3971d5d2b0cf838629509fff7f168d73dbf708;p=openldap diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index 358c24398e..65878911c3 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2013 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2018 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Using TLS @@ -10,7 +10,7 @@ integrity and confidentiality protections and to support LDAP authentication using the {{TERM:SASL}} {{TERM:EXTERNAL}} mechanism. TLS is defined in {{REF:RFC4346}}. -Note: For generating certifcates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}} +Note: For generating certificates, please reference {{URL:http://www.openldap.org/faq/data/cache/185.html}} H2: TLS Certificates @@ -96,7 +96,7 @@ files. The {{certutil}} command can be used to add a {{TERM:CA}} certificate: > certutil -d -A -n "name of CA cert" -t CT,, -a -i /path/to/cacertfile.pem -. This command will add a CA certficate stored in the PEM (ASCII) formatted +. This command will add a CA certificate stored in the PEM (ASCII) formatted . file named /path/to/cacertfile.pem. {{EX:-t CT,,}} means that the certificate is . trusted to be a CA issuing certs for use in TLS clients and servers. @@ -134,7 +134,7 @@ When using Mozilla NSS, this directive specifies the name of a file that contains the password for the key for the certificate specified with {{EX:TLSCertificateFile}}. The modutil command can be used to turn off password protection for the cert/key database. For example, if {{EX:TLSCACertificatePath}} -specifes /etc/openldap/certdb as the location of the cert/key database, use +specifies /etc/openldap/certdb as the location of the cert/key database, use modutil to change the password to the empty string: > modutil -dbdir /etc/openldap/certdb -changepw 'NSS Certificate DB'