[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem to generate certificat and encryptation



Hi,
 
how did you make your certificat ?
 
i have used :
 
/usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout
newreq.pem -out newreq.pem
/usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
 
and i have by default this sha1WithRSAEncryption as Signature
Algorithm
 
when i test my certificat with openssl like this
 
/usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts
-state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert
/usr/local/openLdap2.2.28/certificats/server.crt.pem -key
/usr/local/openLdap2.2.28/certificats/server.key.pem

is work fine
 
but when i try an ldapsearch i have alway this error :
 
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac s3_pkt.c:424
 
my ldaprc file :
 
TLS_REQCERT demand
 
TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem

my ldap.conf
BASE    dc=ghec,dc=fr
URI     ldaps://myserver.com/
 
TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
TLS_REQCERT demand

is some one can help me ?
 
thx.