[Date Prev][Date Next] [Chronological] [Thread] [Top]

Rép. : Re: Problem to generate certificat and encryptation



Hi,

Thx, this doc is very good, have alway read them, it was with this
documention that have generated my certificates.

the ssl connection seem good. because i can acces on ssl with
ldapbrowser, with java code, with openssl command without error, but it
don't work when i use the ldap command directely on my server, i have
always this error :

TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac s3_pkt.c:424

Nota: i have configured the ldap.conf and ldaprc files.

i don't understand , so do i need to specify special cypher somewhere ?

thx.

>>> Michal Dobroczynski <michal.dobroczynski@gmail.com> 21/10/05 20:31
>>>
Hi,
I think you will find useful pieces of information there:

(1) http://samba.idealx.org/smbldap-howto.fr.html#htoc35

(2) http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
^^^^^^^^
^^^ if you want to create a self-signed certificate then there you'll
find a 'fast method' for doing that.

I suggest reading (2) first, generating certificates accoridng to (2)
and finally you can go to (1) because it might be also useful.

Regards,
Michal Dobroczynski


On 21/10/05, Eudes LEDUCQ <LEDUCQ@hec.fr> wrote:
> Hi,
>
> how did you make your certificat ?
>
> i have used :
>
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -newca
> /usr/local/ssl/bin/openssl req -newkey rsa:1024 -nodes -keyout
> newreq.pem -out newreq.pem
> /usr/bin/perl /usr/local/ssl/misc/CA.sh -sign
>
> and i have by default this sha1WithRSAEncryption as Signature
> Algorithm
>
> when i test my certificat with openssl like this
>
> /usr/local/ssl/bin/openssl s_client -connect myserver.com -showcerts
> -state -CAfile /usr/local/openLdap2.2.28/certificats/cacert.pem -cert
> /usr/local/openLdap2.2.28/certificats/server.crt.pem -key
> /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> is work fine
>
> but when i try an ldapsearch i have alway this error :
>
> TLS: can't accept.
> TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
> bad record mac s3_pkt.c:424
>
> my ldaprc file :
>
> TLS_REQCERT demand
>
> TLS_CERT /usr/local/openLdap2.2.28/certificats/server.crt.pem
> TLS_KEY /usr/local/openLdap2.2.28/certificats/server.key.pem
>
> my ldap.conf
> BASE    dc=ghec,dc=fr
> URI     ldaps://myserver.com/
>
> TLS_CACERT /usr/local/openLdap2.2.28/certificats/cacert.pem
> TLS_REQCERT demand
>
> is some one can help me ?
>
> thx.
>
>