[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error using TLS

El Martes, 23 de Enero de 2007 22:50, Alex Samad escribiÃ:
> > 4) Edit the certificate to remove the key and rename:
> > #> vi newreq.pem
> > [...]
> > #> mv newreq.pem cert.pem
> don't you need to sign it here ?

Yes, as I say in my other mail, the problem it that I use "CA.pl -req" instead 
of "CA.pl -cert" (that geenrates an autosigned cert).

> can you tell me what happens when you run
> openssl x509 -in /etc/ldap/ssl/cert.pem -noout -text
> and if this works
> openssl rsa -in /etc/ldap/ssl/key.pem -noout -text

Now I've generated the autosigned certificate and slapd runs.
My actual problem is that a few clients that I've probed (as Kaddressbook 
using an LDAP addressbook) refuese these certificate with the warning "Error 
in the certificate".

And if I do:

# ldapsearch -ZZ -h debian.domian.net -x * -LL -d 65535
I get:
TLS certificate verification: Error, self signed certificate

So I asume that most ldap clients don't allow an autosigned certificate.

Anyway, I'm learning now about certificates, so I have to investigate first ;)

Thanks for all.

IÃaki Baz Castillo