
AW: Re: AW: openldap and TLS certificates



Hi Nick,

just to make sure: Your CA certificate is not the same
as your ldap server certificate, is it? If so, then there
will be the problem. To get a proper server certificate, you
will have to do the following steps:

1. Create a root CA (that means, create a self signed certificate)
2. Using your root CA, create a CA for your
   server certificate generation and, if needed,
   a user CA for your user certificate generation

   Now you have two certificates, already. A root CA cert and
   a server CA cert. Still, those are not your ldap server certificates.

3. With your server CA (NOT the root ca), create a
   server certificate for ldap.

4. Copy the server CA certificate and the root CA certificate
   into one file and call it something like
   serverca.chain.pem. This is NOT your ldap server
   certificate but the certification authority, your
   client will trust.

5. The serverca.chain.pem is to be copied to your ldap
   client and will be used as CACertFile. So if the client
   receives the ldap server cert, it can check that it came
   from a trusted CA and therefore can be accepted.

There is a very good tutorial for the CA creation available
at http://fra.nksteidl.de/Erinnerungen/OpenSSL.php, but it
is in German. I used that tutorial and it worked out
perfectly.

Hope, it helps,

Hauke
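
Steps 1 to 5 above as openssl commands, added here as an example and not part of Hauke's mail. Subject names, the host name ldap.example.test and all file names other than serverca.chain.pem are constructed; `openssl verify` stands in for the client's check against its CA file.

```shell
#!/bin/sh
# Added example: throwaway root CA -> server CA -> LDAP server certificate.
# Subject names, ldap.example.test and file names other than
# serverca.chain.pem are constructed for illustration.

build_pki() (                      # $1 = empty working directory
  set -e
  cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:ldap.example.test
EOF
  newreq() { openssl req -new -newkey rsa:2048 -nodes -config pki.cnf "$@" 2>/dev/null; }
  sign()   { openssl x509 -req -days 30 -extfile pki.cnf "$@" 2>/dev/null; }
  # Step 1: self-signed root CA
  newreq -x509 -days 30 -extensions ca_ext -subj "/CN=Example Root CA" \
    -keyout root.key -out root.pem
  # Step 2: server CA, signed by the root
  newreq -subj "/CN=Example Server CA" -keyout serverca.key -out serverca.csr
  sign -in serverca.csr -CA root.pem -CAkey root.key -set_serial 1 \
    -extensions ca_ext -out serverca.pem
  # Step 3: LDAP server certificate, signed by the server CA, not the root
  newreq -subj "/CN=ldap.example.test" -keyout server.key -out server.csr
  sign -in server.csr -CA serverca.pem -CAkey serverca.key -set_serial 2 \
    -extensions server_ext -out server.pem
  # Step 4: trust file for the client = server CA + root CA
  cat serverca.pem root.pem > serverca.chain.pem
)

# Stand-in for the client's check (step 5): is certificate $2 accepted
# when $1 is the only CA file?
trusted_by() { openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; }

dir=$(mktemp -d)
build_pki "$dir"
for ca in serverca.chain.pem root.pem server.pem; do
  if trusted_by "$dir/$ca" "$dir/server.pem"; then r=accepted; else r=rejected; fi
  echo "TLS_CACERT=$ca: server.pem $r"
done
```

Only serverca.chain.pem is accepted: the root alone lacks the issuing server CA, and the server certificate itself is not a trust anchor.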


----- Original Message -----
From: "Nick Kasparidis" <nick.kasparidis@toumaz.com>
To: "Hauke Coltzau" <hauke.coltzau@FernUni-Hagen.de>
CC: "openldap-technical" <openldap-technical@openldap.org>
Sent: Thursday, 2 October 2008 12:04:43 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: Re: AW: openldap and TLS certificates

Hello again,
   I followed your instructions, and I keep getting the same errors. I
have also tried to remove the entries before the actual certificate and
still no change. There was another suggestion on generating the
certificates. I will try that and hope for the best.

Thanks for the help
Nick

On Tue, 2008-09-30 at 02:10 +0200, Hauke Coltzau wrote:
> Hi Nick,
> 
> it took me some time to set up TLS successfully, so I'm with
> you in this journey ;-)
> 
> From my own experience, I would suggest to start verifying
> the server first. Let the client simply have the
> 
> TLS_CACERT /<path>/<to>/<cachain>/cacert.chain.pem
> TLS_REQCERT demand
> 
> options set and not send any certificate at all.
> On the server's side, only set 
> 
> TLSCertificateFile /your/cert.pem
> TLSCertificateKeyFile /your/private/key.pem
> 
> You will not need a CACert file on the server for now.
> 
> Make sure that the client will not send any certificate, so
> check your current users .ldaprc, because the client certificate
> depends on the user that runs the ldapsearch command.
> 
> If you can set up TLS this way, you can be sure that the
> server is valid. To validate your client, you will need
> a .ldaprc in the current user's home directory which points
> to the user's cert and key. The server must be able to
> verify the user's cert.
> 
> Hope, this helps,
> 
> Hauke
> 
> 
> ----- Original Message -----
> From: "Nick Kasparidis" <nick.kasparidis@toumaz.com>
> To: openldap-technical@openldap.org
> Sent: Monday, 29 September 2008 17:11:10 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
> Subject: openldap and TLS certificates
> 
> Hello everyone,
>    I seem to have a problem with setting up secure connections with my
> LDAP server. I believe the problem has mainly to do with my certificates
> rather than anything else. I used the tutorial provided by the openLDAP
> admin guide to generate my certificates
> http://damncoolpics.blogspot.com/2008/09/oktoberfest-2008-in-munich.html
> 
>    My slapd.conf file has the following entries
> 
> #SSL/TLS Options
> TLSCipherSuite		HIGH:MEDIUM
> TLSCACertificateFile	/usr/local/etc/slapd-cacert.pem
> TLSCertificateFile	/usr/local/etc/slapd-cert.pem
> TLSCertificateKeyFile	/usr/local/etc/slapd-key.pem
> 
> and my ldap.conf
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_CACERT /etc/openldap/cacerts/slapd-cert.pem
> 
> slapd-cacert.pem is the certificate of the CA
> slapd-cert.pem is the server certificate (same copy on client and
> server)
> slapd-key.pem is the server key (I manually removed the certificate
> request that was generated by the process on the link above)
> 
> I start the server using /usr/local/libexec/slapd -h ldap:/// ( also
> tried the -d 9 flag for debugging), and when I use ldapsearch I get the
> following errors
> 
> (from the client)
> ldapsearch -x -ZZ (I have most of the settings in my ldap.conf)
> 
> ldap_start_tls: Connect error (-11)
>         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> (from the server with the -d 9 flag)
> I get a load of stuff, but the important part seems to be the following
> 
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1053
> connection_read(12): TLS accept failure error=-1 id=0, closing
> 
> When I try a search without the -ZZ flag everything works fine. When I
> created the certificates I tried different common names. I tried the ip
> address, fully qualified name (as shown below), the short name, even my
> name, but no luck. I have read the proper RFC but could not get
> any useful information. By the way I have a local DNS server and the
> domain name should match the correct IP address (and the reverse).
> 
> Truth is I do not know much about SSL and certificates, so I might be
> missing something. Just for your information, The certificate authority
> is the same with the LDAP server. I will provide the certificate below,
> with email and addresses altered. Also the hashes have been altered so
> key and cert will not match. I merely provide them just in case you see
> something wrong in the syntax.
> 
> The server certificate
> 
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1 (0x1)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Validity
>             Not Before: Sep 29 09:49:07 2008 GMT
>             Not After : Sep 29 09:49:07 2009 GMT
>         Subject: C=GB, ST=Oxfordshire, L=Abingdon, O=Company,, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints: 
>                 CA:FALSE
>             Netscape Comment: 
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier:
>                 1F:9F:4E:5A:C8:61:53:4B:5F:50:28:84:F8:D7:45:54:C0:C9:7E:67
>             X509v3 Authority Key Identifier:
>                 keyid:7C:5A:92:7E:5C:6B:3E:9B:0E:87:46:7C:FB:27:8F:34:AD:42:3B:27
> 
>     Signature Algorithm: sha1WithRSAEncryption
> 
> 
> The CA certificate
> 
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Validity
>             Not Before: Sep 29 09:48:17 2008 GMT
>             Not After : Sep 29 09:48:17 2011 GMT
>         Subject: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (2048 bit)
>                 Modulus (2048 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints: 
>                 CA:FALSE
>             Netscape Comment: 
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier:
>                 7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
>             X509v3 Authority Key Identifier:
>                 keyid:7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
> 
>     Signature Algorithm: sha1WithRSAEncryption
> 
> and finally the server key, which I modified slightly by removing a
> certificate request entry
> 
> 
> Any ideas would be welcome
> 
> Best Regards
> Nick
> 
>