From: Howard Chu Date: Tue, 25 Mar 2025 16:32:12 +0000 (+0000) Subject: ITS#9934 slapd-config(5) add new TLS cert/key settings X-Git-Tag: OPENLDAP_REL_ENG_2_5_20~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de50527e940d336c3d7c36c9dc63ee7228eb5a1b;p=thirdparty%2Fopenldap.git ITS#9934 slapd-config(5) add new TLS cert/key settings --- diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index 9a47c028ea..b9f851eb5c 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -931,6 +931,13 @@ certificates in separate individual files. Usually only one of this or the olcTLSCACertificateFile is defined. If both are specified, both locations will be used. .TP +.B olcTLSCACertificate: +Stores a single CA certificate that will be trusted by the server, in DER format. +If this option is set, the \fBolcTLSCACertificateFile\fP and +\fBolcTLSCACertificatePath\fP options are ignored. If multiple +CA certificates are required, the \fBolcTLSCACertificateFile\fP +or \fBolcTLSCACertificatePath\fP options must be used instead of this option. +.TP .B olcTLSCertificateFile: Specifies the file that contains the .B slapd 
@@ -939,17 +946,24 @@ server certificate. When using OpenSSL that file may also contain any number of intermediate certificates after the server certificate. .TP +.B olcTLSCertificate: +Stores a single certificate for the server, in DER format. If this option is +used, the \fBolcTLSCertificateFile\fP option is ignored. +.TP .B olcTLSCertificateKeyFile: Specifies the file that contains the .B slapd -server private key that matches the certificate stored in the -.B olcTLSCertificateFile -file. If the private key is protected with a password, the password must +server private key that matches the specified server certificate. +If the private key file is protected with a password, the password must be manually typed in when slapd starts. Usually the private key is not protected with a password, to allow slapd to start without manual intervention, so it is of critical importance that the file is protected carefully. .TP +.B olcTLSCertificateKey +Stores the private key that matches the server certificate. If this option is +used, the \fBolcTLSCertificateKeyFile\fP option is ignored. +.TP .B olcTLSDHParamFile: This directive specifies the file that contains parameters for Diffie-Hellman ephemeral key exchange. This is required in order to use a DSA certificate on
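Review bot: In the first hunk (new olcTLSCACertificate entry), the precedence rule runs opposite to the context line just above it, which says that when olcTLSCACertificateFile and olcTLSCACertificatePath are both specified "both locations will be used", while setting the new attribute causes both to be ignored. An administrator who adds olcTLSCACertificate to an existing configuration would stop trusting the CAs held in those locations, and the text does not say whether that is reported anywhere. Suggest stating the contrast explicitly in the entry. The entry also says only "in DER format" and should state how the value is expected to be supplied in the config entry.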
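Review bot: In the second hunk, the new olcTLSCertificateKey entry gives neither the encoding of the stored key nor any protection guidance, although the other two new entries both say "in DER format" and the olcTLSCertificateKeyFile text directly above it warns that "it is of critical importance that the file is protected carefully". With this option the private key is held in the configuration itself, so the entry should name the expected format and carry an equivalent caution about read access to the configuration. Two smaller points: ".B olcTLSCertificateKey" is missing the trailing colon that every other entry header in the hunk has, and the olcTLSCertificate entry does not say how intermediate certificates are supplied once olcTLSCertificateFile, which "may also contain any number of intermediate certificates", is ignored.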