[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error using TLS

To: openldap-software@openldap.org
Subject: Re: Error using TLS
From: IÃaki <ibc2@euskalnet.net>
Date: Tue, 23 Jan 2007 23:52:32 +0100
Content-disposition: inline
In-reply-to: <20070123215041.GN3981@samad.com.au>
References: <200701232157.03121.ibc2@euskalnet.net> <20070123215041.GN3981@samad.com.au>
User-agent: KMail/1.9.5

El Martes, 23 de Enero de 2007 22:50, Alex Samad escribiÃ:
> > 4) Edit the certificate to remove the key and rename:
> > #> vi newreq.pem
> > [...]
> > #> mv newreq.pem cert.pem
>
> don't you need to sign it here ?

Yes, as I say in my other mail, the problem it that I use "CA.pl -req" instead 
of "CA.pl -cert" (that geenrates an autosigned cert).



> can you tell me what happens when you run
>
> openssl x509 -in /etc/ldap/ssl/cert.pem -noout -text
>
> and if this works
>
> openssl rsa -in /etc/ldap/ssl/key.pem -noout -text

Now I've generated the autosigned certificate and slapd runs.
My actual problem is that a few clients that I've probed (as Kaddressbook 
using an LDAP addressbook) refuese these certificate with the warning "Error 
in the certificate".

And if I do:

# ldapsearch -ZZ -h debian.domian.net -x * -LL -d 65535
I get:
[...]
TLS certificate verification: Error, self signed certificate
[...]

So I asume that most ldap clients don't allow an autosigned certificate.


Anyway, I'm learning now about certificates, so I have to investigate first ;)



Thanks for all.




-- 
IÃaki Baz Castillo

Follow-Ups:
- Re: Error using TLS
  - From: Howard Chu <hyc@symas.com>

References:
- Error using TLS
  - From: IÃaki <ibc2@euskalnet.net>
- Re: Error using TLS
  - From: Alex Samad <alex@samad.com.au>

Prev by Date: Re: getting DN from client with GSSAPI bind?
Next by Date: Re: getting DN from client with GSSAPI bind?
Index(es):
- Chronological
- Thread