Menu
▾
▴
Re: LDAP over SSL
|
From: Chris R. <chr...@me...> - 2002-01-22 09:09:13
|
Bea...@hy... wrote: > I have a couple of question reguarding LDAP over SSL > > - what is a PEM file? It is a text file, formatted according to the Privacy Enhanced Mail (hence PEM) rules. RFC 1421 might give more details. There is a PEM format for holding certificates, and there is a PEM format for holding private keys. > - what does it contains? a trusted root certificate? Well, they could do. But they can also contain private keys and certificate signing requests etc. As they are text files, you can look at the first couple of lines in the file to find out what a particular file contains. > - do I really need openssl to generate the hash of the PEM file? Technically no. Actually the Net::LDAPS documentation's slightly wrong - "openssl x509 -hash -noout" actually returns a hash of the subject name (which is a DN encoded in BER and not a simple string like in LDAP) in the certificate. In other words if you can extract this name yourself and hash it yourself, then you don't need to use openssl ;-) Since there are various snippets of code around which will read in certificates and extract subject names, this might not be so hard. > - which specific packages does I need to use LDAP over SSL? IO::Socket::SSL, and Net::SSLeay (because IO::Socket::SSL relies on it.) > tia > > Louis > Cheers, Chris |
