[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSL / Certificates / ... Some confusion


since a couple of days I try to setup a provider and a consumer over ssl
following the documentation in a book [1] an dusing two servers. (Red
Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3 )

Doing so I was confronted with a lot off different warnings/messages but
finaly I got the replication crypted.

The final step in the tutorial is to use the saslmech=external but the
messages I do get are different from the messages I should get.

I noticed and googeled some provider debug info and wanted to ask for
some prove or clarification or work around:

>From the provider log:

TLS certificate verification: Error, unsupported certificate purpose
TLS trace: SSL3 alert write:warning:bad certificate
connection_read(13): unable to get TLS client DN, error=49 id=1

>From a posting from 2006 and the answere from Howard Chu [2] I think I
do have the same problem: My consumer server certificate "should be"
from the providers view a client certificate.

>From the certificate:

X509v3 extensions:
            X509v3 Basic Constraints:
            Netscape Cert Type:
                SSL Server

Am I wrong, right, lost, ... Is there a workaround or any step while
creating the certificates?

Thanks once more and best regards,


[1] http://www.galileocomputing.de/katalog/buecher/titel/gp/titelID-1801
[2] http://www.openldap.org/lists/openldap-software/200604/msg00202.html

Götz Reinicke

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Prof. Thomas Schadt