Re: Problem to generate certificat and encryptation
- To: Eudes LEDUCQ <LEDUCQ@hec.fr>
- Subject: Re: Problem to generate certificat and encryptation
- From: Michal Dobroczynski <michal.dobroczynski@gmail.com>
- Date: Fri, 21 Oct 2005 20:31:47 +0200
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <s358b69e.023@MI151.HEC.FR>
- References: <s358b69e.023@MI151.HEC.FR>
Hi,
I think you will find useful pieces of information there:
(1) http://samba.idealx.org/smbldap-howto.fr.html#htoc35
(2) http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
^^^^^^^^
^^^ if you want to create a self-signed certificate then there you'll
find a 'fast method' for doing that.
I suggest reading (2) first, generating certificates according to (2)
and finally you can go to (1) because it might also be useful.
Regards,
Michal Dobroczynski
On 21/10/05, Eudes LEDUCQ <LEDUCQ@hec.fr> wrote:
> Hi,
>
> How did you make your certificate?
>
> I have used:
>
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
> /usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
>
> and I have by default this sha1WithRSAEncryption as Signature Algorithm
>
> when I test my certificate with openssl like this
>
> /usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts -state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert /usr/local/openLdap2.2.28/certificats/server.crt.pem -key /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> it works fine
>
> but when I try an ldapsearch I always have this error:
>
> TLS: can't accept.
> TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac s3_pkt.c:424
>
> my ldaprc file:
>
> TLS_REQCERT demand
>
> TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
> TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> my ldap.conf
> BASE dc=ghec,dc=fr
> URI ldaps://myserver.com/
>
> TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
> TLS_REQCERT demand
>
> Can someone help me?
>
> thx.
>
>
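
Added example, not part of either message and not OpenLDAP project code: a check that the three files named in the ldaprc and ldap.conf above (TLS_CACERT, TLS_CERT, TLS_KEY) belong together, meaning the certificate chains to the CA and the private key matches the certificate. It runs on a constructed throwaway CA and server certificate made with plain openssl commands (2048-bit keys and the function names are assumptions; the file names mirror the poster's), and it does not diagnose the error reported above.

```shell
#!/bin/sh
# Added example: all keys and certificates here are constructed test material.
set -eu

make_test_pki() {   # $1 = directory to fill with cacert.pem, server.key.pem, server.crt.pem
    d=$1
    # Self-signed CA (stands in for the result of "CA.sh -newca")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    # Server key and request (stands in for "openssl req -newkey ... -nodes")
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myserver.com" \
        -keyout "$d/server.key.pem" -out "$d/server.csr.pem" 2>/dev/null
    # Sign the request with the CA (stands in for "CA.sh -sign")
    openssl x509 -req -in "$d/server.csr.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/server.crt.pem" 2>/dev/null
}

pubkey_hash() {     # $1 = cert|key, $2 = file; SHA-256 of the public key it carries
    case $1 in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac | openssl dgst -sha256
}

check_tls_files() { # $1 = CA cert, $2 = cert, $3 = key; prints ok or the first failed check
    # Does the certificate verify against the CA file the client will trust?
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "chain-fail"; return 1; }
    # Does the private key belong to the certificate?
    [ "$(pubkey_hash cert "$2")" = "$(pubkey_hash key "$3")" ] \
        || { echo "key-mismatch"; return 1; }
    echo "ok"
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT   # the throwaway private keys do not outlive the run
make_test_pki "$dir"
check_tls_files "$dir/cacert.pem" "$dir/server.crt.pem" "$dir/server.key.pem"
```

To check real files, call `check_tls_files` with the paths from TLS_CACERT, TLS_CERT and TLS_KEY in place of the generated ones.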