I managed to get 389-ds working with encryption. Whew. The project should really update http://directory.fedoraproject.org/wiki/Howto:SSL to make it simpler to figure out. I'm willing to, but the wiki says "We are not ready to accept contributions at this time."

Anyway, I'm wondering what advantage(s) I'd have in using a 3rd-party signed cert instead of a self-signed one?

I admit - this question stems from my ignorance of how clients certify servers. I think I understand that when you use a self-signed cert, you typically have to 'inform' a client about that cert, telling the client that it is trusted. How would it be different if I used a 3rd-party (like GeoTrust) signed cert? Do clients typically know about common CAs? Do they typically rely on the OS to define/supply the list of known CAs?

Here are some of the clients I need to talk ldaps to my ldap servers:

  Zimbra
  Liferay
  Apache
  openldap ldapsearch
  Home-grown Java code
  Actuate

Thanks,
--
Jon Detert
Sr. Systems Administrator
Infinity Healthcare
Milwaukee, Wisconsin
414-290-6759