[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AW: openldap and TLS certificates



Hello again,
   I followed your instructions, and I keep getting the same errors. I
have also tried to remove the entries before the actual certificate and
still no change. There was another suggestion on generating the
certificates. I will try that and hope for the best.

Thanks for the help
Nick

On Tue, 2008-09-30 at 02:10 +0200, Hauke Coltzau wrote:
> Hi Nick,
> 
> it took me some time to set up TLS successfully, so I'm with
> you in this journey ;-)
> 
> >From my own experience, I would suggest to start verfifying
> the server first. Let the client simply have the
> 
> TLS_CACERT /<path>/<to>/<cachain>/cacert.chain.pem
> TLS_REQCERT demand
> 
> options set and not send any certificate at all.
> On the server's side, only set 
> 
> TLSCertificateFile /your/cert.pem
> TLSCertificateKeyFile /your/private/key.pem
> 
> You will not need a CACert file on the server for now.
> 
> Make sure that the client will not send any certificate, so
> check your current users .ldaprc, because the client certificate
> depends on the user that runs the ldapsearch command.
> 
> If you can set up TLS this way, you can be sure that the
> server is valid. To validate your client, you will need
> a .ldaprc in the current user's home directory which points
> to the user's cert and key. The server must be able to
> verify the user's cert.
> 
> Hope, this helps,
> 
> Hauke
> 
> 
> ----- UrsprÃngliche Mail -----
> Von: "Nick Kasparidis" <nick.kasparidis@toumaz.com>
> An: openldap-technical@openldap.org
> Gesendet: Montag, 29. September 2008 17:11:10 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien
> Betreff: openldap and TLS certificates
> 
> Hello everyone,
>    I seem to have a problem with setting up secure connections with my
> LDAP server. I believe the problem has mainly to do with my certificates
> rather than anything else. I used the tutorial provided by the openLDAP
> admin guide to generate my certificates
> http://damncoolpics.blogspot.com/2008/09/oktoberfest-2008-in-munich.html
> 
>    My slapd.conf files has the following entries
> 
> #SSL/TLS Options
> TLSCipherSuite		HIGH:MEDIUM
> TLSCACertificateFile	/usr/local/etc/slapd-cacert.pem
> TLSCertificateFile	/usr/local/etc/slapd-cert.pem
> TLSCertificateKeyFile	/usr/local/etc/slapd-key.pem
> 
> and my ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/slapd-cert.pem
> 
> slapd-cacert.pem is the certificate of the CA
> slapd-cert.pem is the server certificate (same copy on client and
> server)
> slapd-key.pem is the server key (I manually removed the certificate
> request that was generated by the process on the link above)
> 
> I start the server using /usr/local/libexec/slapd -h ldap:/// ( also
> tried the -d 9 flag for debugging), and when I use ldapsearch I get the
> following errors
> 
> (from the client)
> ldapsearch -x -ZZ (I have most of the settings in my ldap.conf)
> 
> ldap_start_tls: Connect error (-11)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> (from the server with the -d 9 flag)
> I get load of stuff, but the important seems to be the following
> 
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:1053
> connection_read(12): TLS accept failure error=-1 id=0, closing
> 
> When I try a search without the -ZZ flag everything works fine. When I
> created the certificates I tried different common names. I tried the ip
> address, fully qualified name (as shown below), the short name, even my
> name, but no luck. I have read the proper RFC but could not get
> anyusefull information. By the way I have a local DNS server and the
> domain name should match the correct IP address (and the reverse).
> 
> Truth is I do not know much about SSL and certificates, so I might be
> missing something. Just for your information, The certificate authority
> is the same with the LDAP server. I will provide the certificate below,
> with email and addresses altered. Also the hashes have been altered so
> key and cert will not match. I merely provide them just in case you see
> something wrong in the syntax.
> 
> The server certificate
> 
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Validity
>             Not Before: Sep 29 09:49:07 2008 GMT
>             Not After : Sep 29 09:49:07 2009 GMT
>         Subject: C=GB, ST=Oxfordshire, L=Abingdon, O=Company,, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                     00:c4:4d:49:ce:35:a6:80:67:d5:c5:ea:2e:5a:b0:
>                     0f:96:a2:de:28:c3:97:fc:5d:9d:05:57:ae:a8:db:
>                     d4:cd:8c:bb:1d:4d:2c:41:51:45:0e:c9:17:8f:a0:
>                     5b:bb:a0:5e:d3:d7:5d:a4:64:dd:23:9a:64:ad:dc:
>                     7b:49:5a:92:68:65:32:6c:0c:50:84:8a:75:26:da:
>                     76:7f:65:13:14:0a:05:eb:5e:d3:f7:1e:89:7f:a2:
>                     d8:1b:4a:46:28:ee:98:5f:f9:bd:21:88:df:76:5c:
>                     b9:8e:7e:5b:09:29:65:e7:6b:a7:5b:5f:4a:99:77:
>                     7d:6c:d1:44:7e:7a:77:05:fe:1c:b9:6d:2b:e2:57:
>                     63:63:29:b3:cb:c6:68:35:b5:81:fa:ef:ee:ba:c0:
>                     54:3e:d8:70:0a:f6:c9:39:74:21:f8:75:b9:08:89:
>                     6a:5e:e3:fe:1e:5e:37:b0:29:2d:13:35:b4:7c:aa:
>                     55:3e:c3:c4:59:cd:08:e1:ef:21:43:29:0f:82:8f:
>                     84:7d:f2:65:b5:79:2e:fc:87:7c:7d:ca:fb:7a:ef:
>                     54:c4:33:20:ed:f5:8a:64:de:60:18:60:07:ee:f9:
>                     ea:0f:97:bf:af:63:e1:e4:e8:b2:15:1b:5f:95:fd:
>                     ad:c7:83:8c:94:f3:e4:ef:95:63:f0:d4:a8:f8:49:
>                     13:05
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints: 
>                 CA:FALSE
>             Netscape Comment: 
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier: 
> 
> 1F:9F:4E:5A:C8:61:53:4B:5F:50:28:84:F8:D7:45:54:C0:C9:7E:67
>             X509v3 Authority Key Identifier: 
> 
> keyid:7C:5A:92:7E:5C:6B:3E:9B:0E:87:46:7C:FB:27:8F:34:AD:42:3B:27
> 
>     Signature Algorithm: sha1WithRSAEncryption
>         04:3d:f9:64:e9:c1:13:8c:98:e6:b6:33:a9:e0:8b:8e:b0:68:
>         2f:70:8e:8e:b4:b2:6f:61:7c:bd:63:f2:cb:20:b8:6e:4f:0a:
>         53:5f:ba:ed:32:20:c7:31:24:0c:c3:e8:d6:42:1c:a8:3e:7b:
>         32:b4:87:94:71:d6:8b:ca:c9:57:f5:9f:fc:8d:89:77:e2:3e:
>         ac:49:cd:c8:c7:01:83:41:41:a6:05:7c:df:c6:37:0e:15:d8:
>         d2:51:3f:a5:92:b7:bf:3f:65:4e:68:71:b7:4e:3e:26:f6:15:
>         fe:38:72:e1:f9:b7:60:29:e8:ff:78:3c:aa:34:be:e8:46:f1:
>         5f:87:8b:a1:60:8b:82:31:ca:5e:a1:31:83:e7:b7:90:be:a5:
>         2f:ac:f7:1c:fe:af:89:15:02:af:c7:4f:2f:97:87:2b:0b:83:
>         5c:07:83:f9:f9:c7:63:00:69:fa:c9:d0:fc:fb:7a:ef:7a:41:
>         1c:e0:99:e4:01:73:7f:94:fa:2c:12:0f:8e:3f:8f:b4:9b:b6:
>         85:42:90:1a:aa:d6:11:9b:49:db:83:f9:19:1e:dd:8b:0a:c7:
>         b5:c0:5c:06:78:ca:f1:75:f9:8b:eb:c0:94:b0:3f:96:fc:b8:
>         88:7c:52:46:ad:ab:bb:22:52:c1:31:dc:87:a7:c9:bd:de:98:
>         bd:76:45:2b
> -----BEGIN CERTIFICATE-----
> MIIESTCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix
> FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYdVQQKExlUb3VtYXogVGVjaG5vbG9n
> eSBMaW8pdGVkMQswCQYDVQQLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt
> YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv
> bTAeFw0wODA5MjkwOTQ5MDdaFw0wOTA5MjkwOTQ5MDdaMIGyMQswCQYDVQQGEwJH
> QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxETAPBgNVBAcTCEFiaW5nZG9uMSIwIAYD
> VQQKExlUb3VtYXogVGVjaG5vbG9neSBMaW1pdGVkMQswCQYDVQQLEwJJVDEeMBwG
> A1UEAxMVbWFnZ2llLmVuZy50b3VtYXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNr
> Lmthc3BhcmlkaXNAdG91bWF6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
> AQoCggEBAMRNSc41poBn1cXqLlqwD5ai3ijDl&xdnQVXrqjb1M2cux1NLEFRRQ7J
> F4+gW7ugXtPXXaRk3SOaZK3ce0lakmhlMmwMUISKdSbadn9lExQKBete0/ceiX+i
> 2BtKRijumF/5vSGI33ZcuY5+WwkpZedrp1tfSpl3fWzRRH56dwX+3LltK+JXY2Mp
> s8vGaDW1gfrv7rrAVD7YcAr2yTl0Ifh1uQiJal7j/h5eN7ApLRM1tHyqVT7DxFnN
> COHvIUMpD4KPhH3yZbV5LvgHfH3K+3rvVMQzIO31imTeYBdgB+756g+Xv69j4eTo
> shUbX5X9rceCjJTz5O+VY/DUqPhJEwUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg
> hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
> BBYEFB+fXlrIYVNLX1AphPjXRVTAyX9nMB8GA1UdIwQYMBaAFHxakn5cWz6bDodG
> fPsnjzSuQjsnMA0GCSqGSIb3DQEBBQUAA4IBAQAEPflk6cETjJjmtjOp4IuOsGgv
> cI6OtLNvYXy9Y/LLILhuTwpTX7rtMiDGMCQMw+jWQhyoPnsytIeUcdaLyslX9Z/8
> jYl34j6sSc3IxwGDQUGmBXzPxjcOFdjSUT+lkre/P2VOaHG3Tj4m9hX+OHLh+bdg
> Kej/eDyqNL7oRvFfh4uhYIuCMcpeoTGD57eQvQUvrPcc/q+JFQKvx08vl4crC4NM
> B4P5+cdjAGn6ydD8+3rvekEc4JnkAXN/lPosEg+OP4+0m7aFQpAaqtYRmknbg/kZ
> Ht2LCse1wFwGeMrxdfmL68CUsD+W/LiIfFJGrau7IlLBMdyHp8m93pi9dkUr
> -----END CERTIFICATE-----
> 
> 
> The CA certificate
> 
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Validity
>             Not Before: Sep 29 09:48:17 2008 GMT
>             Not After : Sep 29 09:48:17 2011 GMT
>         Subject: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                     00:a6:6e:3b:1f:87:e9:1a:c9:e9:5c:3a:b8:96:19:
>                     af:c9:e7:41:87:72:76:55:a8:fc:db:3c:05:55:9c:
>                     25:8f:83:5b:35:05:9f:cb:7b:4e:9b:3a:84:98:60:
>                     46:d5:79:be:c1:4c:b5:ea:cd:79:2b:c2:33:86:05:
>                     67:98:e4:62:77:d7:cf:98:c3:52:93:6c:ba:1c:fc:
>                     a3:f9:81:26:ea:d8:a1:56:cd:74:f5:47:fe:0f:8d:
>                     95:7a:b7:8b:14:25:e7:9d:e2:e7:46:a2:d6:90:4c:
>                     25:94:16:20:51:78:6a:68:da:e0:06:2c:45:4e:27:
>                     c4:2b:8b:bc:a9:e2:fb:c5:c1:8b:9d:33:5f:e3:be:
>                     d1:f5:53:9d:2b:0c:bf:2a:95:e6:57:29:5e:ef:ab:
>                     3a:e9:33:09:00:c3:7d:94:aa:a9:b4:3c:08:9d:e8:
>                     e6:92:f2:60:03:ed:12:1d:df:81:9f:a7:d2:81:7f:
>                     3e:8b:fa:a4:01:ba:c1:49:1c:51:02:c6:54:3c:48:
>                     9a:3f:18:54:04:35:c4:e1:c7:12:f6:7a:26:7e:47:
>                     04:e6:f8:fc:ed:8c:2e:17:05:62:b6:73:9a:4e:52:
>                     10:17:92:52:38:3a:4d:2d:32:ab:76:c8:61:ab:36:
>                     cd:52:f9:95:bb:87:63:ad:5d:d3:d0:f9:6f:06:a6:
>                     29:6f
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints: 
>                 CA:FALSE
>             Netscape Comment: 
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier: 
> 
> 7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
>             X509v3 Authority Key Identifier: 
> 
> keyid:7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
> 
>     Signature Algorithm: sha1WithRSAEncryption
>         2b:b9:65:09:2d:ff:c0:80:dd:e0:f4:d0:01:9a:87:b9:da:54:
>         d2:f1:e4:0a:56:0b:cf:31:55:97:9f:93:62:df:59:3d:11:5b:
>         06:6c:e7:f9:56:9b:c8:e8:e0:77:54:12:5b:ca:98:f9:c7:fa:
>         c6:41:45:6d:14:31:2d:d6:19:a8:41:ba:89:55:5a:7f:5c:79:
>         1b:05:36:d7:e4:00:7b:e7:ae:5e:56:74:12:f9:fa:ab:63:0f:
>         f6:8e:97:cc:53:d3:91:7e:4b:48:6e:15:27:bc:73:4a:68:1f:
>         ff:36:67:b2:fa:6b:38:40:0c:f2:99:5f:75:2a:4f:27:21:a8:
>         fb:b5:9a:c3:7a:05:a5:45:03:3f:cf:85:21:eb:42:69:23:af:
>         d5:b8:32:17:4e:a5:52:c2:3e:01:bd:1f:f2:1a:b6:f0:f8:8f:
>         d9:d0:70:30:08:39:37:42:84:42:67:27:74:16:be:e7:2d:0f:
>         54:e8:3d:8b:6f:6c:76:a6:39:d9:df:e4:b9:33:9a:92:5b:3e:
>         b2:6a:8a:8f:2e:9c:3a:01:54:c7:3e:0e:f4:45:9c:bd:f6:39:
>         e9:8c:9d:95:60:e7:2a:10:f6:ac:4a:a2:b7:16:bf:06:44:76:
>         4b:5d:51:5a:0b:82:b0:53:f6:4a:d7:04:f0:85:7e:34:c6:fc:
>         50:1a:c4:b3
> -----BEGIN CERTIFICATE-----
> MIIENjCCAx6gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix
> FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYDVQQKExlUb3VtYXogVGVjaG5vbG9n
> eSBMaW1pdGVkMQswCQYDV1QLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt
> YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv
> bTAeFw0wODA5MjkwOTQ4MTdaFw0xMTA5MjkwOTQ4MTdaMIGfMQswCQYDVQQGEwJH
> QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxIjAgBgNVBAoTGVRvdW1heiBUZWNobm9s
> b2d5IExpbWl0ZWQxCzAJBgNVBAsTAklUMR4wHAYDVQQDExVtYWdnaWUuZW5nLnRv
> dW1hei5jb20xKTAnBgkqhki39w0BCQEWGm5pY2sua2Fz5GFyaWRpc0B0b3VtYXou
> Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm47H4fpGsnpXDq4
> lhmvyedAh3J2Vaj82zwFVZwlj4NbNQWfy3tOmzqEmGBG1Xm+wUy16s15K8IzhgVn
> mORid9fPmMNSk2y6HPyj+YEm6tihVs109Uf+D42VereLFCHnneLnRqLWkEwllBYg
> UXhqaNrgBixFTifEK4u8qeL7xUGLnTNf477R9VOdKwy/KpXmVyle76s66TMJAMN9
> lKqptDwInejmkvJgA+0SHd+Bn6fSgX8+i/qkAbrBSRxRAsZUPEia3xhUBDXE4ccS
> 9nomfkcE5vj87YwuFwVitnOZTlIQF5JSODpNLTKrdsHhqzbNUvmVu4djrV3T0Plv
> BqYpbwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
> IEdlbmVyYXRlZC5DZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfFqSflxbPpsOh0Z8+yeP
> NK5COycwHwYDVR0jBBgwFoAUfFqSflxbPpsOh0Z8+yePNK5COycwDQYJKoZIhvcN
> AQEFBQADggEBACu5ZQkt/8CA3eD00AGah7naVNLx5ApWC88xVZefk2LfWT0RWwZs
> H/lWm8jo4HdUElvKmPnH+sZBRW0UMS3WGahBuolVWn9ceRsFNtfkAHvnrl5WdBL5
> +qtjD4aOl8xT05F+S0huFSe8c0poH/82Z7L6azhADPKZ73UqTychTPu1msN6BaVF
> Az/PhSHrQmkj39W4MhdOpFLCPgG9H/IatvD4j9nQcDAIOTdChEJnJ3QWvuctD1To
> PYtvbHamOdnf5LkzmpJbPrJiio8unDoBVMc+DvRFnL32OemMnzVg5yoQ9qxKorcW
> vwZEdktdUVoLgrBT9krXBPCFfjTG/FAaxLM=
> -----END CERTIFICATE-----
> 
> and finally the server key, which I modified slightly be removing a
> certificate request entry
> 
> -----BEGIN RSA PRIVATE KEY-----
> MIIEowIBAAKCAQEAxE1JzjWmgGfVxeouWrAPlqLeKMOX/F2dBVeuqNvUzZy7HU0s
> QVFFDskXj6B9u6Be09ddpGTdI5pkrdx7SVqSaGUybAxQhIp1Jtp2f2UTFAoF617T
> 9x6Jf6LYG0pGKO6YX/m9IYjfdly5jn5bCSll52unW19KmXd9bNFEfnp3Bf7cuW0r
> 4ldjYymzy8ZoNbWB+u/uusBUPthwCvbJOXQh+HW5CIlqXuP+Hl43bCktEzW0fKpV
> PsPEWc0I4e8hQykPgo+EffJltXku/Id8fcr7eu9UxDMg7fWKZN5gF2AH7vnqD5e/
> r2Ph5OiyFRtflf2tx4KMlPPk75Vj8NSo+EkTBQIDAQABAoIBAFkajAniKHXYrBxu
> NCRODoVd4GG4huCyzXeDWXCkeG/sWLLwOMpdTW9ssBktvPXp0aFu/L6GWiqzBkg0
> 8HFXf2WLqduJq3K+NncwauFgy8wo0I8KOETPw7IABQA+MqKZyuilv8fdDTH43PFl
> QYVjGTJ2lzzOgFow9unSA7k1dZluTeMyE+RzpVYwE/WSgsOFa7qYQnCXy0hlx85u
> /SNU5383/v1cvrSghDCbZ2WrllHAerjUep1FNDounGkhiWj+JWUfddL7zYM+KVdJ
> AKRaxeYo+UTAVa9rd9D8qgZo5oIJ6l53bvobkwcrVnAoYPxtzAjhcBhgtQjXSXrJ
> YrHhKQECgYEAavUIAaT/XfHDXuXYMHnSf/ZgAqipOv36OPPnXnpg0yZbyLs/dgN6
> GYVBtvd3ugfQ3ZEUfOwYw2wVq6hItq6+lQRjL+G5IsoeyKJXGIpBdlr7Yhhes1gv
> 4R5nGB97+F9kBVEmDephg0K++EeKRZMpzUgn1cBvBXrcfJsUc8OAFbUCgYEAy31q
> k8HXBltJz7QQxmXLZogFkb0dxxXUrax202e6XsqroUpmUWx1n75TVnnP4QNH0Tqx
> 8EQTDMZzQRHgFidwLAzhpI16Ex1fLfSw/lMQij7ojxtGp8LbC057dGpseBxwTPjP
> I5dpdIl2Mt8HeH5qMiizRls1EcSu1RK9cPhOWhECgjEAtU+pFSwCoQKDIgU1+EE4
> nuJQEyOpO7qEH5RS5jaLJ/sdn/551TcwSdRgLuj5agea/VEq7ZyZgcC1GFZxLE6X
> dejGubzLpBMpDrzBnS7EaRTbQ2YJATtfy7n6juduqSe/03eErOrLtQcoFjjP98zX
> //Nd671gxXEyt/lTxrpeK5ECgYBFbIFq7awFkCmLgjxi46HUVj3ILgQ1wt3vbrKP
> h4kPBAgwG+jyiJVMratTCnYAp5Td7i988EyrhB0YKxgPlt7vOGnXMSlf0hqB3ERy
> UDaJY9MF1+FwJMuEfP8jhZeCFvm9WPmag/LHfoVj6rFqy35BpJ8dNsrRSA/5w837
> 98sLcQKBgBBfNJdPOGjgLZxLM5hXI88UkYFc3ppVh83SHSikKULO5d7wrWeQDR9V
> u3t+sx8bl067E2dILPzTa9qLt3RO+GPCwOQMQUywNBh7jQ1BjaOg/4ctlJkjAdKo
> x4hAG2dU5Z7iEob5AWpfv3+A5taS8P9RjI1O2jUwnTR84vqJtNx7
> -----END RSA PRIVATE KEY-----
> 
> Any ideas would be welcome
> 
> Best Regards
> Nick
> 
>