[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Error using TLS
El Martes, 23 de Enero de 2007 22:50, Alex Samad escribiÃ:
> > 4) Edit the certificate to remove the key and rename:
> > #> vi newreq.pem
> > [...]
> > #> mv newreq.pem cert.pem
>
> don't you need to sign it here ?
Yes, as I say in my other mail, the problem it that I use "CA.pl -req" instead
of "CA.pl -cert" (that geenrates an autosigned cert).
> can you tell me what happens when you run
>
> openssl x509 -in /etc/ldap/ssl/cert.pem -noout -text
>
> and if this works
>
> openssl rsa -in /etc/ldap/ssl/key.pem -noout -text
Now I've generated the autosigned certificate and slapd runs.
My actual problem is that a few clients that I've probed (as Kaddressbook
using an LDAP addressbook) refuese these certificate with the warning "Error
in the certificate".
And if I do:
# ldapsearch -ZZ -h debian.domian.net -x * -LL -d 65535
I get:
[...]
TLS certificate verification: Error, self signed certificate
[...]
So I asume that most ldap clients don't allow an autosigned certificate.
Anyway, I'm learning now about certificates, so I have to investigate first ;)
Thanks for all.
--
IÃaki Baz Castillo