[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problem to generate certificat and encryptation

To: <openldap-software@OpenLDAP.org>
Subject: Problem to generate certificat and encryptation
From: "Eudes LEDUCQ" <LEDUCQ@hec.fr>
Date: Fri, 21 Oct 2005 09:35:53 +0200

Hi,
 
how did you make your certificat ?
 
i have used :
 
/usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout
newreq.pem -out newreq.pem
/usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
 
and i have by default this sha1WithRSAEncryption as Signature
Algorithm
 
when i test my certificat with openssl like this
 
/usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts
-state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert
/usr/local/openLdap2.2.28/certificats/server.crt.pem -key
/usr/local/openLdap2.2.28/certificats/server.key.pem

is work fine
 
but when i try an ldapsearch i have alway this error :
 
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac s3_pkt.c:424
 
my ldaprc file :
 
TLS_REQCERT demand
 
TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem

my ldap.conf
BASE    dc=ghec,dc=fr
URI     ldaps://myserver.com/
 
TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
TLS_REQCERT demand

is some one can help me ?
 
thx.

Follow-Ups:
- Re: Problem to generate certificat and encryptation
  - From: Michal Dobroczynski <michal.dobroczynski@gmail.com>

Prev by Date: OpenLDAP logging
Next by Date: Segfault on search
Index(es):
- Chronological
- Thread