--- Alex aka Magobin <magobin at gmail.com> wrote: > On gio, 2006-03-23 at 08:43 -0800, Susan wrote: > > This is what I did to get ssl repl working: > > > > 1. generate a single CA certificate and use that to sign both the supplier and consumer > > certificates. Each server doesn't need its own CA. > > > > on the consumer: > > > > > > Thank you Susan for your reply...two question 4 you if possible: > > 1) This procedure..similar to (Chapter 8 in Administration Guide)...but > you have to create cert db before yes, cert db must exist, for a cert to be exported out of it :) > > 2) To make secure replication...I have to enable ssl on DS...in this > case...is still possible to query LDAP on port 389 ?? yes. One way to disable it is to set the ldap port to 0, FDS will then say on startup that non secure access has been disabled, proceeding. That will break the console access, however. I haven't been able to turn off non-ssl access AND still be able to use the console. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
