Re: openldap 2.1.30 + gentoo +ssl [self signed problem again]
Florin Angelescu <fangelescu@caami-hziv.fgov.be> writes:
> On Thursday 25 November 2004 11:32, you wrote:
>> Hello,
>> You must have signed a cert with the wrong ca, check all your
>> certificates with
>>
>> openssl x509 -in certificate.pem -text
>>
>> in particular check the keyid, which must be identical in the key
>> chain.
> Well, I have only 1 CA .... (I used CA.sh -newcert)
> and the servercert is signed by my CA
> openssl x509 -in servercert.pem -text
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 1 (0x1)
> Signature Algorithm: md5WithRSAEncryption
> Issuer: C=BE, ST=BELGIUM, L=BRUSSELS, O=CAAMI_CA, OU=CCI,
> CN=CAAMI_CA/emailAddress=fangelescu@caami-hziv.fgov.be
> Validity
> Not Before: Nov 25 08:32:09 2004 GMT
> Not After : Nov 25 08:32:09 2005 GMT
> Subject: C=BE, ST=BELGIUM, L=BRUSSELS, O=CAAMI-HZIV, OU=CCI,
> CN=ldap.caami-hziv.fgov.be/emailAddress=ldapserver@caami-hziv.fgov.be
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
I have been referring to keyid.
X509v3 Authority Key Identifier:
keyid:86:5C:19:86:4E:EE:0B:DC:A2:99:56:95:B3:7B:90:FD:21:4E:F4:BC
This keyid must be identical in your whole key chain.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
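
The keyid comparison discussed in this message, as an added example that is not part of the original mail: it reads `openssl x509 -noout -text` dumps and checks that the certificate's Authority Key Identifier equals the issuing CA's Subject Key Identifier. The function names, the sample dumps and the file name `cacert.pem` are assumptions; the dumps are constructed and reuse the keyid quoted above as sample data.

```shell
#!/bin/sh
# Added example: verify the issuer link from `openssl x509 -noout -text` dumps.

# ext_keyid NAME: read a text dump on stdin and print the key identifier that
# follows the "X509v3 NAME:" header (an optional "keyid:" label is stripped).
ext_keyid() {
    awk -v name="$1" '
        found { gsub(/^[ \t]+|[ \t\r]+$/, ""); sub(/^keyid:/, ""); print toupper($0); exit }
        index($0, "X509v3 " name ":") { found = 1 }'
}

# check_link CHILD_TEXT ISSUER_TEXT
# Returns 0 on match, 1 on mismatch, 2 when either extension is absent.
check_link() {
    aki=$(printf '%s\n' "$1" | ext_keyid "Authority Key Identifier")
    ski=$(printf '%s\n' "$2" | ext_keyid "Subject Key Identifier")
    if [ -z "$aki" ] || [ -z "$ski" ]; then
        echo "cannot compare: key identifier extension missing"; return 2
    fi
    if [ "$aki" = "$ski" ]; then echo "OK: issuer keyid $aki"; return 0; fi
    echo "MISMATCH: certificate AKI=$aki, CA SKI=$ski"; return 1
}

# Constructed sample dumps (not real certificates).
KEYID='86:5C:19:86:4E:EE:0B:DC:A2:99:56:95:B3:7B:90:FD:21:4E:F4:BC'
CA_TEXT="X509v3 extensions:
    X509v3 Subject Key Identifier:
        $KEYID
    X509v3 Authority Key Identifier:
        keyid:$KEYID"
SERVER_OK="X509v3 extensions:
    X509v3 Authority Key Identifier:
        keyid:$KEYID"
# Signed by some other CA; value printed without the "keyid:" label.
SERVER_BAD="X509v3 extensions:
    X509v3 Authority Key Identifier:
        11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44"

check_link "$SERVER_OK" "$CA_TEXT"
check_link "$SERVER_BAD" "$CA_TEXT" || true

# With real files (cacert.pem is an assumed name for the CA certificate):
# check_link "$(openssl x509 -in servercert.pem -noout -text)" \
#            "$(openssl x509 -in cacert.pem -noout -text)"
```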