Re: StartTLS is not working

Hi Dat,

First of all: please send your questions to the list so that
other users with the same problem can find the solution, too.

To your problem: Please make sure that you have a correct
value for your ServerCA's private key in your openssl.cnf. It
should read something like this:

[ ServerCA ]

# Where is the base directory for the ServerCA
dir             = /usr/lib/ssl/ServerCA

# Where is the ServerCA's certificate
certificate     = $dir/ServerCA.cert.pem

# and where is the ServerCA's private key
private_key     = $dir/private/ServerCA.key.pem

Without the private key, the ServerCA will not be
able to sign your LDAP certificate. You will find more
configuration hints for openssl.cnf in the tutorial.

Hope this helps,



----- Original Message -----
From: "Dat Duong" <datduong2000@yahoo.com>
To: "hauke coltzau" <hauke.coltzau@FernUni-Hagen.de>
Sent: Tuesday, 7 October 2008 09:06:07 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: StartTLS is not working

Hi Hauke, 

I read your instructions on how to create a Root CA ... I have a hard time understanding the step. I have a question on how to sign the LDAP server certificate using the Server CA. I get an error message:

bash-3.00# openssl ca -name ServerCA -in afldap01.req.pem -out afldap01.cert.pem 

Using configuration from /usr/local/ssl/openssl.cnf 
variable lookup failed for ServerCA::private_key 
18908:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=ServerCA name=private_key 
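
Added example, not part of the original thread or the tutorial: a preflight check for the [ ServerCA ] section described in the reply above, which reports a missing private_key (the cause of the "variable lookup failed" error) before openssl ca is run. The helper names ca_get and check_ca are hypothetical, only a leading $dir/ reference is expanded, and the key-permission check is an added assumption about how the CA key should be stored.

```shell
#!/bin/sh
# Added example: preflight check for an "openssl ca -name SECTION" run.
# ca_get and check_ca are hypothetical helper names, not part of OpenSSL.

# Print the value of KEY inside [ SECTION ]; exit status 1 if it is not set.
ca_get() {  # usage: ca_get CONF SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ {                       # section header, e.g. "[ ServerCA ]"
            s = $0; gsub(/[ \t]/, "", s); sub(/^\[/, "", s); sub(/\].*$/, "", s)
            insec = (s == sec); next
        }
        insec && !/^[ \t]*#/ {              # skip comment lines
            line = $0; sub(/[ \t]*#.*$/, "", line)   # drop trailing comment
            eq = index(line, "="); if (!eq) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# Verify that certificate and private_key are set and resolve to readable
# files, and that the key is not accessible to group/other. Returns 0 if so.
check_ca() {  # usage: check_ca CONF SECTION
    conf=$1; sec=$2; rc=0
    dir=$(ca_get "$conf" "$sec" dir) || { echo "missing: [$sec] dir"; rc=1; }
    for key in certificate private_key; do
        if ! val=$(ca_get "$conf" "$sec" "$key"); then
            echo "missing: [$sec] $key"; rc=1; continue
        fi
        case $val in                        # expand a leading $dir/ reference
            '$dir'/*) path=$dir/${val#*/} ;;
            *)        path=$val ;;
        esac
        [ -r "$path" ] || { echo "unreadable: $key = $path"; rc=1; continue; }
        if [ "$key" = private_key ] &&
           [ "$(ls -lL "$path" | cut -c5-10)" != "------" ]; then
            echo "too permissive: $path (expected mode 0600 or 0400)"; rc=1
        fi
    done
    return "$rc"
}

if [ $# -eq 2 ]; then check_ca "$1" "$2"; fi
```

Run it against the file named in the "Using configuration from" line of the openssl ca output (/usr/local/ssl/openssl.cnf in the session above), since that is the file openssl actually reads.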


