[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP client and SSL handshaek

Jon Dufresne wrote:
> On Tue, 2012-03-20 at 18:24 -0600, Rich Megginson wrote:
>> That's not your problem, nor is it specific to Oracle:
>> TLS: could not add the certificate (null) - error -8018:Unknown PKCS #11
>> error..
>> TLS: /etc/openldap/cacerts/addtrust-ca.crt is not a valid CA certificate
>> file - error -8018:Unknown PKCS #11 error..
>> Can you paste your /etc/openldap/cacerts/addtrust-ca.crt?
> My user does not have permission to read this file. The file's
> permissions are:
> -rw-------. 1 root root 1521 Mar 12 15:28 addtrust-ca.crt
> Now that it is pointed out, this seems incorrect. Should this be changed
> to mode 644?

There's no point to set this strict permissions. Public-key CA certs are just
that: public. So 0644 file permissions seems most appropriate.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature