[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Problem to generate certificat and encryptation
Hi,
how did you make your certificat ?
i have used :
/usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout
newreq.pem -out newreq.pem
/usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
and i have by default this sha1WithRSAEncryption as Signature
Algorithm
when i test my certificat with openssl like this
/usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts
-state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert
/usr/local/openLdap2.2.28/certificats/server.crt.pem -key
/usr/local/openLdap2.2.28/certificats/server.key.pem
is work fine
but when i try an ldapsearch i have alway this error :
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac s3_pkt.c:424
my ldaprc file :
TLS_REQCERT demand
TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem
my ldap.conf
BASE dc=ghec,dc=fr
URI ldaps://myserver.com/
TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
TLS_REQCERT demand
is some one can help me ?
thx.