ssl

There is a good script to make the 389-ds SSL ready. It creates a selfsigned CA and derives certificates from it. So how does it work?

In the server directory /etc/dirsrv are at least two subdirs for the administration-server admin-serv ⇒ $assecdir and the real ldap slapd-localhost ⇒ $secdir (depends on your installation)

We are using SSL vHosts¹ a lot for our server. All certs are signed by CAcert² with a 2 years validity. That’s lasts not very long and have to be checked frequently.