
Re: Problem to generate certificat and encryptation



Hi,
I think you will find useful pieces of information there:

(1) http://samba.idealx.org/smbldap-howto.fr.html#htoc35

(2) http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
^^^^^^^^
^^^ if you want to create a self-signed certificate then there you'll
find a 'fast method' for doing that.

I suggest reading (2) first, generating certificates according to (2)
and finally you can go to (1) because it might be also useful.

Regards,
Michal Dobroczynski


On 21/10/05, Eudes LEDUCQ <LEDUCQ@hec.fr> wrote:
> Hi,
>
> How did you make your certificate?
>
> I have used:
>
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
> /usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout
> newreq.pem -out newreq.pem
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
>
> and I have by default this sha1WithRSAEncryption as Signature
> Algorithm
>
> When I test my certificate with openssl like this
>
> /usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts
> -state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert
> /usr/local/openLdap2.2.28/certificats/server.crt.pem -key
> /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> it works fine
>
> but when I try an ldapsearch I always have this error:
>
> TLS: can't accept.
> TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
> bad record mac s3_pkt.c:424
>
> My ldaprc file:
>
> TLS_REQCERT demand
>
> TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
> TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> My ldap.conf:
> BASE    dc=ghec,dc=fr
> URI     ldaps://myserver.com/
>
> TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
> TLS_REQCERT demand
>
> Can someone help me?
>
> thx.
>
>
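
The CA / request / sign sequence from the quoted message, redone with plain `openssl` commands and followed by two file consistency checks, as an added example that is not part of the thread. The subject names, the `myserver.example` host and the function names are constructed; it uses rsa:2048 with SHA-256 rather than the thread's rsa:1024 and SHA-1, and it does not attempt to diagnose the `bad record mac` error.

```shell
#!/usr/bin/env bash
# Added example. Names (Demo LDAP CA, myserver.example) are constructed.

# make_pki DIR HOST: write cacert.pem, server.key.pem, server.crt.pem into DIR
make_pki() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # 1. Self-signed CA (the "CA.sh -newca" step; no passphrase for the demo)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo LDAP CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    # 2. Server key and request; the CN is the host name used in the ldaps:// URI
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$dir/server.key.pem" -out "$dir/server.csr.pem" 2>/dev/null || return 1
    # 3. The CA signs the request (the "CA.sh -sign" step)
    openssl x509 -req -sha256 -days 30 -in "$dir/server.csr.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/server.crt.pem" 2>/dev/null || return 1
}

# chain_ok CAFILE CERT: true if CERT verifies against the CA in CAFILE
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# cert_matches_key CERT KEY: true if CERT carries the public half of KEY
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demo run in a throwaway directory
demo() {
    tmp=$(mktemp -d) || return 1
    make_pki "$tmp" myserver.example || { echo "openssl failed"; return 1; }
    chain_ok "$tmp/cacert.pem" "$tmp/server.crt.pem" && echo "chain: ok"
    cert_matches_key "$tmp/server.crt.pem" "$tmp/server.key.pem" && echo "key: ok"
    openssl x509 -in "$tmp/server.crt.pem" -noout -subject -enddate
    rm -rf "$tmp"
}
demo
```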