[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: AW: Re: AW: openldap and TLS certificates
Hello Hauke,
Thank you for the answer. I managed to get an openssl client working
with the ldap server using the following command
openssl s_client -connect <myserver>:636 -CAfile <my CAfile>
and it works fine. I get the following message at the end
Verify return code: 0 (ok)
for some reason my ldap client seems to have problems, and I still get
the same errors mentioned in previous emails. By the way in order to get
the s_client work I needed to switch to ldaps instead of ldap. If I find
a solution I will let you people know.
By the way thank you for the tutorial, I will try to translate it and
read it because there is a lot I dont understand about certificates
Best Regards
Nick
On Fri, 2008-10-03 at 16:34 +0200, Hauke Coltzau wrote:
> Hi Nick,
>
> just to make sure: Your CA certificate is not the same
> as your ldap server certificate, is it? If so, then there
> will be the problem. To get a proper server certificate, you
> will have to do the following steps:
>
> 1. Create a root CA (that means, create a self signed certificate)
> 2. Using your root CA, create a CA for your
> server certificate generation and, if needed,
> a user CA for your user certificate generation
>
> Now you have two certificates, already. A root CA cert and
> a server CA cert. Still, those are not your ldap server certificates.
>
> 3. With your server CA (NOT the root ca), create a
> server certificate for ldap.
>
> 4. Copy the server CA certificate and the root CA certificate
> into one file and call it something like
> serverca.chain.pem. This is NOT your ldap server
> certificate but the certification authority, your
> client will trust.
>
> 5. The serverca.chain.pem is to be copied to your ldap
> client and will be used as CACertFile. So if the client
> receives the ldap server cert, it can check that it came
> from a trusted CA and therefore can be accpeted.
>
> There is a very good tutorial for the CA creation available
> at http://fra.nksteidl.de/Erinnerungen/OpenSSL.php, but it
> is in German. I used that tutorial and it worked out
> perfectly.
>
> Hope, it helps,
>
> Hauke
>
>
> ----- UrsprÃngliche Mail -----
> Von: "Nick Kasparidis" <nick.kasparidis@toumaz.com>
> An: "Hauke Coltzau" <hauke.coltzau@FernUni-Hagen.de>
> CC: "openldap-technical" <openldap-technical@openldap.org>
> Gesendet: Donnerstag, 2. Oktober 2008 12:04:43 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien
> Betreff: Re: AW: openldap and TLS certificates
>
> Hello again,
> I followed your instructions, and I keep getting the same errors. I
> have also tried to remove the entries before the actual certificate and
> still no change. There was another suggestion on generating the
> certificates. I will try that and hope for the best.
>
> Thanks for the help
> Nick
>
> On Tue, 2008-09-30 at 02:10 +0200, Hauke Coltzau wrote:
> > Hi Nick,
> >
> > it took me some time to set up TLS successfully, so I'm with
> > you in this journey ;-)
> >
> > >From my own experience, I would suggest to start verfifying
> > the server first. Let the client simply have the
> >
> > TLS_CACERT /<path>/<to>/<cachain>/cacert.chain.pem
> > TLS_REQCERT demand
> >
> > options set and not send any certificate at all.
> > On the server's side, only set
> >
> > TLSCertificateFile /your/cert.pem
> > TLSCertificateKeyFile /your/private/key.pem
> >
> > You will not need a CACert file on the server for now.
> >
> > Make sure that the client will not send any certificate, so
> > check your current users .ldaprc, because the client certificate
> > depends on the user that runs the ldapsearch command.
> >
> > If you can set up TLS this way, you can be sure that the
> > server is valid. To validate your client, you will need
> > a .ldaprc in the current user's home directory which points
> > to the user's cert and key. The server must be able to
> > verify the user's cert.
> >
> > Hope, this helps,
> >
> > Hauke
> >
> >
> > ----- UrsprÃngliche Mail -----
> > Von: "Nick Kasparidis" <nick.kasparidis@toumaz.com>
> > An: openldap-technical@openldap.org
> > Gesendet: Montag, 29. September 2008 17:11:10 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien
> > Betreff: openldap and TLS certificates
> >
> > Hello everyone,
> > I seem to have a problem with setting up secure connections with my
> > LDAP server. I believe the problem has mainly to do with my certificates
> > rather than anything else. I used the tutorial provided by the openLDAP
> > admin guide to generate my certificates
> > http://damncoolpics.blogspot.com/2008/09/oktoberfest-2008-in-munich.html
> >
> > My slapd.conf files has the following entries
> >
> > #SSL/TLS Options
> > TLSCipherSuite HIGH:MEDIUM
> > TLSCACertificateFile /usr/local/etc/slapd-cacert.pem
> > TLSCertificateFile /usr/local/etc/slapd-cert.pem
> > TLSCertificateKeyFile /usr/local/etc/slapd-key.pem
> >
> > and my ldap.conf
> > TLS_CACERTDIR /etc/openldap/cacerts
> > TLS_CACERT /etc/openldap/cacerts/slapd-cert.pem
> >
> > slapd-cacert.pem is the certificate of the CA
> > slapd-cert.pem is the server certificate (same copy on client and
> > server)
> > slapd-key.pem is the server key (I manually removed the certificate
> > request that was generated by the process on the link above)
> >
> > I start the server using /usr/local/libexec/slapd -h ldap:/// ( also
> > tried the -d 9 flag for debugging), and when I use ldapsearch I get the
> > following errors
> >
> > (from the client)
> > ldapsearch -x -ZZ (I have most of the settings in my ldap.conf)
> >
> > ldap_start_tls: Connect error (-11)
> > additional info: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> > (from the server with the -d 9 flag)
> > I get load of stuff, but the important seems to be the following
> >
> > TLS trace: SSL3 alert read:fatal:unknown CA
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > s3_pkt.c:1053
> > connection_read(12): TLS accept failure error=-1 id=0, closing
> >
> > When I try a search without the -ZZ flag everything works fine. When I
> > created the certificates I tried different common names. I tried the ip
> > address, fully qualified name (as shown below), the short name, even my
> > name, but no luck. I have read the proper RFC but could not get
> > anyusefull information. By the way I have a local DNS server and the
> > domain name should match the correct IP address (and the reverse).
> >
> > Truth is I do not know much about SSL and certificates, so I might be
> > missing something. Just for your information, The certificate authority
> > is the same with the LDAP server. I will provide the certificate below,
> > with email and addresses altered. Also the hashes have been altered so
> > key and cert will not match. I merely provide them just in case you see
> > something wrong in the syntax.
> >
> > The server certificate
> >
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number: 1 (0x1)
> > Signature Algorithm: sha1WithRSAEncryption
> > Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> > CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
> > Validity
> > Not Before: Sep 29 09:49:07 2008 GMT
> > Not After : Sep 29 09:49:07 2009 GMT
> > Subject: C=GB, ST=Oxfordshire, L=Abingdon, O=Company,, OU=IT,
> > CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > RSA Public Key: (2048 bit)
> > Modulus (2048 bit):
> > 00:c4:4d:49:ce:35:a6:80:67:d5:c5:ea:2e:5a:b0:
> > 0f:96:a2:de:28:c3:97:fc:5d:9d:05:57:ae:a8:db:
> > d4:cd:8c:bb:1d:4d:2c:41:51:45:0e:c9:17:8f:a0:
> > 5b:bb:a0:5e:d3:d7:5d:a4:64:dd:23:9a:64:ad:dc:
> > 7b:49:5a:92:68:65:32:6c:0c:50:84:8a:75:26:da:
> > 76:7f:65:13:14:0a:05:eb:5e:d3:f7:1e:89:7f:a2:
> > d8:1b:4a:46:28:ee:98:5f:f9:bd:21:88:df:76:5c:
> > b9:8e:7e:5b:09:29:65:e7:6b:a7:5b:5f:4a:99:77:
> > 7d:6c:d1:44:7e:7a:77:05:fe:1c:b9:6d:2b:e2:57:
> > 63:63:29:b3:cb:c6:68:35:b5:81:fa:ef:ee:ba:c0:
> > 54:3e:d8:70:0a:f6:c9:39:74:21:f8:75:b9:08:89:
> > 6a:5e:e3:fe:1e:5e:37:b0:29:2d:13:35:b4:7c:aa:
> > 55:3e:c3:c4:59:cd:08:e1:ef:21:43:29:0f:82:8f:
> > 84:7d:f2:65:b5:79:2e:fc:87:7c:7d:ca:fb:7a:ef:
> > 54:c4:33:20:ed:f5:8a:64:de:60:18:60:07:ee:f9:
> > ea:0f:97:bf:af:63:e1:e4:e8:b2:15:1b:5f:95:fd:
> > ad:c7:83:8c:94:f3:e4:ef:95:63:f0:d4:a8:f8:49:
> > 13:05
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > X509v3 Basic Constraints:
> > CA:FALSE
> > Netscape Comment:
> > OpenSSL Generated Certificate
> > X509v3 Subject Key Identifier:
> >
> > 1F:9F:4E:5A:C8:61:53:4B:5F:50:28:84:F8:D7:45:54:C0:C9:7E:67
> > X509v3 Authority Key Identifier:
> >
> > keyid:7C:5A:92:7E:5C:6B:3E:9B:0E:87:46:7C:FB:27:8F:34:AD:42:3B:27
> >
> > Signature Algorithm: sha1WithRSAEncryption
> > 04:3d:f9:64:e9:c1:13:8c:98:e6:b6:33:a9:e0:8b:8e:b0:68:
> > 2f:70:8e:8e:b4:b2:6f:61:7c:bd:63:f2:cb:20:b8:6e:4f:0a:
> > 53:5f:ba:ed:32:20:c7:31:24:0c:c3:e8:d6:42:1c:a8:3e:7b:
> > 32:b4:87:94:71:d6:8b:ca:c9:57:f5:9f:fc:8d:89:77:e2:3e:
> > ac:49:cd:c8:c7:01:83:41:41:a6:05:7c:df:c6:37:0e:15:d8:
> > d2:51:3f:a5:92:b7:bf:3f:65:4e:68:71:b7:4e:3e:26:f6:15:
> > fe:38:72:e1:f9:b7:60:29:e8:ff:78:3c:aa:34:be:e8:46:f1:
> > 5f:87:8b:a1:60:8b:82:31:ca:5e:a1:31:83:e7:b7:90:be:a5:
> > 2f:ac:f7:1c:fe:af:89:15:02:af:c7:4f:2f:97:87:2b:0b:83:
> > 5c:07:83:f9:f9:c7:63:00:69:fa:c9:d0:fc:fb:7a:ef:7a:41:
> > 1c:e0:99:e4:01:73:7f:94:fa:2c:12:0f:8e:3f:8f:b4:9b:b6:
> > 85:42:90:1a:aa:d6:11:9b:49:db:83:f9:19:1e:dd:8b:0a:c7:
> > b5:c0:5c:06:78:ca:f1:75:f9:8b:eb:c0:94:b0:3f:96:fc:b8:
> > 88:7c:52:46:ad:ab:bb:22:52:c1:31:dc:87:a7:c9:bd:de:98:
> > bd:76:45:2b
> > -----BEGIN CERTIFICATE-----
> > MIIESTCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix
> > FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYdVQQKExlUb3VtYXogVGVjaG5vbG9n
> > eSBMaW8pdGVkMQswCQYDVQQLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt
> > YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv
> > bTAeFw0wODA5MjkwOTQ5MDdaFw0wOTA5MjkwOTQ5MDdaMIGyMQswCQYDVQQGEwJH
> > QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxETAPBgNVBAcTCEFiaW5nZG9uMSIwIAYD
> > VQQKExlUb3VtYXogVGVjaG5vbG9neSBMaW1pdGVkMQswCQYDVQQLEwJJVDEeMBwG
> > A1UEAxMVbWFnZ2llLmVuZy50b3VtYXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNr
> > Lmthc3BhcmlkaXNAdG91bWF6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
> > AQoCggEBAMRNSc41poBn1cXqLlqwD5ai3ijDl&xdnQVXrqjb1M2cux1NLEFRRQ7J
> > F4+gW7ugXtPXXaRk3SOaZK3ce0lakmhlMmwMUISKdSbadn9lExQKBete0/ceiX+i
> > 2BtKRijumF/5vSGI33ZcuY5+WwkpZedrp1tfSpl3fWzRRH56dwX+3LltK+JXY2Mp
> > s8vGaDW1gfrv7rrAVD7YcAr2yTl0Ifh1uQiJal7j/h5eN7ApLRM1tHyqVT7DxFnN
> > COHvIUMpD4KPhH3yZbV5LvgHfH3K+3rvVMQzIO31imTeYBdgB+756g+Xv69j4eTo
> > shUbX5X9rceCjJTz5O+VY/DUqPhJEwUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg
> > hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
> > BBYEFB+fXlrIYVNLX1AphPjXRVTAyX9nMB8GA1UdIwQYMBaAFHxakn5cWz6bDodG
> > fPsnjzSuQjsnMA0GCSqGSIb3DQEBBQUAA4IBAQAEPflk6cETjJjmtjOp4IuOsGgv
> > cI6OtLNvYXy9Y/LLILhuTwpTX7rtMiDGMCQMw+jWQhyoPnsytIeUcdaLyslX9Z/8
> > jYl34j6sSc3IxwGDQUGmBXzPxjcOFdjSUT+lkre/P2VOaHG3Tj4m9hX+OHLh+bdg
> > Kej/eDyqNL7oRvFfh4uhYIuCMcpeoTGD57eQvQUvrPcc/q+JFQKvx08vl4crC4NM
> > B4P5+cdjAGn6ydD8+3rvekEc4JnkAXN/lPosEg+OP4+0m7aFQpAaqtYRmknbg/kZ
> > Ht2LCse1wFwGeMrxdfmL68CUsD+W/LiIfFJGrau7IlLBMdyHp8m93pi9dkUr
> > -----END CERTIFICATE-----
> >
> >
> > The CA certificate
> >
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number: 0 (0x0)
> > Signature Algorithm: sha1WithRSAEncryption
> > Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> > CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
> > Validity
> > Not Before: Sep 29 09:48:17 2008 GMT
> > Not After : Sep 29 09:48:17 2011 GMT
> > Subject: C=GB, ST=Oxfordshire, O=Company, OU=IT,
> > CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > RSA Public Key: (2048 bit)
> > Modulus (2048 bit):
> > 00:a6:6e:3b:1f:87:e9:1a:c9:e9:5c:3a:b8:96:19:
> > af:c9:e7:41:87:72:76:55:a8:fc:db:3c:05:55:9c:
> > 25:8f:83:5b:35:05:9f:cb:7b:4e:9b:3a:84:98:60:
> > 46:d5:79:be:c1:4c:b5:ea:cd:79:2b:c2:33:86:05:
> > 67:98:e4:62:77:d7:cf:98:c3:52:93:6c:ba:1c:fc:
> > a3:f9:81:26:ea:d8:a1:56:cd:74:f5:47:fe:0f:8d:
> > 95:7a:b7:8b:14:25:e7:9d:e2:e7:46:a2:d6:90:4c:
> > 25:94:16:20:51:78:6a:68:da:e0:06:2c:45:4e:27:
> > c4:2b:8b:bc:a9:e2:fb:c5:c1:8b:9d:33:5f:e3:be:
> > d1:f5:53:9d:2b:0c:bf:2a:95:e6:57:29:5e:ef:ab:
> > 3a:e9:33:09:00:c3:7d:94:aa:a9:b4:3c:08:9d:e8:
> > e6:92:f2:60:03:ed:12:1d:df:81:9f:a7:d2:81:7f:
> > 3e:8b:fa:a4:01:ba:c1:49:1c:51:02:c6:54:3c:48:
> > 9a:3f:18:54:04:35:c4:e1:c7:12:f6:7a:26:7e:47:
> > 04:e6:f8:fc:ed:8c:2e:17:05:62:b6:73:9a:4e:52:
> > 10:17:92:52:38:3a:4d:2d:32:ab:76:c8:61:ab:36:
> > cd:52:f9:95:bb:87:63:ad:5d:d3:d0:f9:6f:06:a6:
> > 29:6f
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > X509v3 Basic Constraints:
> > CA:FALSE
> > Netscape Comment:
> > OpenSSL Generated Certificate
> > X509v3 Subject Key Identifier:
> >
> > 7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
> > X509v3 Authority Key Identifier:
> >
> > keyid:7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
> >
> > Signature Algorithm: sha1WithRSAEncryption
> > 2b:b9:65:09:2d:ff:c0:80:dd:e0:f4:d0:01:9a:87:b9:da:54:
> > d2:f1:e4:0a:56:0b:cf:31:55:97:9f:93:62:df:59:3d:11:5b:
> > 06:6c:e7:f9:56:9b:c8:e8:e0:77:54:12:5b:ca:98:f9:c7:fa:
> > c6:41:45:6d:14:31:2d:d6:19:a8:41:ba:89:55:5a:7f:5c:79:
> > 1b:05:36:d7:e4:00:7b:e7:ae:5e:56:74:12:f9:fa:ab:63:0f:
> > f6:8e:97:cc:53:d3:91:7e:4b:48:6e:15:27:bc:73:4a:68:1f:
> > ff:36:67:b2:fa:6b:38:40:0c:f2:99:5f:75:2a:4f:27:21:a8:
> > fb:b5:9a:c3:7a:05:a5:45:03:3f:cf:85:21:eb:42:69:23:af:
> > d5:b8:32:17:4e:a5:52:c2:3e:01:bd:1f:f2:1a:b6:f0:f8:8f:
> > d9:d0:70:30:08:39:37:42:84:42:67:27:74:16:be:e7:2d:0f:
> > 54:e8:3d:8b:6f:6c:76:a6:39:d9:df:e4:b9:33:9a:92:5b:3e:
> > b2:6a:8a:8f:2e:9c:3a:01:54:c7:3e:0e:f4:45:9c:bd:f6:39:
> > e9:8c:9d:95:60:e7:2a:10:f6:ac:4a:a2:b7:16:bf:06:44:76:
> > 4b:5d:51:5a:0b:82:b0:53:f6:4a:d7:04:f0:85:7e:34:c6:fc:
> > 50:1a:c4:b3
> > -----BEGIN CERTIFICATE-----
> > MIIENjCCAx6gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix
> > FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYDVQQKExlUb3VtYXogVGVjaG5vbG9n
> > eSBMaW1pdGVkMQswCQYDV1QLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt
> > YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv
> > bTAeFw0wODA5MjkwOTQ4MTdaFw0xMTA5MjkwOTQ4MTdaMIGfMQswCQYDVQQGEwJH
> > QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxIjAgBgNVBAoTGVRvdW1heiBUZWNobm9s
> > b2d5IExpbWl0ZWQxCzAJBgNVBAsTAklUMR4wHAYDVQQDExVtYWdnaWUuZW5nLnRv
> > dW1hei5jb20xKTAnBgkqhki39w0BCQEWGm5pY2sua2Fz5GFyaWRpc0B0b3VtYXou
> > Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm47H4fpGsnpXDq4
> > lhmvyedAh3J2Vaj82zwFVZwlj4NbNQWfy3tOmzqEmGBG1Xm+wUy16s15K8IzhgVn
> > mORid9fPmMNSk2y6HPyj+YEm6tihVs109Uf+D42VereLFCHnneLnRqLWkEwllBYg
> > UXhqaNrgBixFTifEK4u8qeL7xUGLnTNf477R9VOdKwy/KpXmVyle76s66TMJAMN9
> > lKqptDwInejmkvJgA+0SHd+Bn6fSgX8+i/qkAbrBSRxRAsZUPEia3xhUBDXE4ccS
> > 9nomfkcE5vj87YwuFwVitnOZTlIQF5JSODpNLTKrdsHhqzbNUvmVu4djrV3T0Plv
> > BqYpbwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
> > IEdlbmVyYXRlZC5DZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfFqSflxbPpsOh0Z8+yeP
> > NK5COycwHwYDVR0jBBgwFoAUfFqSflxbPpsOh0Z8+yePNK5COycwDQYJKoZIhvcN
> > AQEFBQADggEBACu5ZQkt/8CA3eD00AGah7naVNLx5ApWC88xVZefk2LfWT0RWwZs
> > H/lWm8jo4HdUElvKmPnH+sZBRW0UMS3WGahBuolVWn9ceRsFNtfkAHvnrl5WdBL5
> > +qtjD4aOl8xT05F+S0huFSe8c0poH/82Z7L6azhADPKZ73UqTychTPu1msN6BaVF
> > Az/PhSHrQmkj39W4MhdOpFLCPgG9H/IatvD4j9nQcDAIOTdChEJnJ3QWvuctD1To
> > PYtvbHamOdnf5LkzmpJbPrJiio8unDoBVMc+DvRFnL32OemMnzVg5yoQ9qxKorcW
> > vwZEdktdUVoLgrBT9krXBPCFfjTG/FAaxLM=
> > -----END CERTIFICATE-----
> >
> > and finally the server key, which I modified slightly be removing a
> > certificate request entry
> >
> > -----BEGIN RSA PRIVATE KEY-----
> > MIIEowIBAAKCAQEAxE1JzjWmgGfVxeouWrAPlqLeKMOX/F2dBVeuqNvUzZy7HU0s
> > QVFFDskXj6B9u6Be09ddpGTdI5pkrdx7SVqSaGUybAxQhIp1Jtp2f2UTFAoF617T
> > 9x6Jf6LYG0pGKO6YX/m9IYjfdly5jn5bCSll52unW19KmXd9bNFEfnp3Bf7cuW0r
> > 4ldjYymzy8ZoNbWB+u/uusBUPthwCvbJOXQh+HW5CIlqXuP+Hl43bCktEzW0fKpV
> > PsPEWc0I4e8hQykPgo+EffJltXku/Id8fcr7eu9UxDMg7fWKZN5gF2AH7vnqD5e/
> > r2Ph5OiyFRtflf2tx4KMlPPk75Vj8NSo+EkTBQIDAQABAoIBAFkajAniKHXYrBxu
> > NCRODoVd4GG4huCyzXeDWXCkeG/sWLLwOMpdTW9ssBktvPXp0aFu/L6GWiqzBkg0
> > 8HFXf2WLqduJq3K+NncwauFgy8wo0I8KOETPw7IABQA+MqKZyuilv8fdDTH43PFl
> > QYVjGTJ2lzzOgFow9unSA7k1dZluTeMyE+RzpVYwE/WSgsOFa7qYQnCXy0hlx85u
> > /SNU5383/v1cvrSghDCbZ2WrllHAerjUep1FNDounGkhiWj+JWUfddL7zYM+KVdJ
> > AKRaxeYo+UTAVa9rd9D8qgZo5oIJ6l53bvobkwcrVnAoYPxtzAjhcBhgtQjXSXrJ
> > YrHhKQECgYEAavUIAaT/XfHDXuXYMHnSf/ZgAqipOv36OPPnXnpg0yZbyLs/dgN6
> > GYVBtvd3ugfQ3ZEUfOwYw2wVq6hItq6+lQRjL+G5IsoeyKJXGIpBdlr7Yhhes1gv
> > 4R5nGB97+F9kBVEmDephg0K++EeKRZMpzUgn1cBvBXrcfJsUc8OAFbUCgYEAy31q
> > k8HXBltJz7QQxmXLZogFkb0dxxXUrax202e6XsqroUpmUWx1n75TVnnP4QNH0Tqx
> > 8EQTDMZzQRHgFidwLAzhpI16Ex1fLfSw/lMQij7ojxtGp8LbC057dGpseBxwTPjP
> > I5dpdIl2Mt8HeH5qMiizRls1EcSu1RK9cPhOWhECgjEAtU+pFSwCoQKDIgU1+EE4
> > nuJQEyOpO7qEH5RS5jaLJ/sdn/551TcwSdRgLuj5agea/VEq7ZyZgcC1GFZxLE6X
> > dejGubzLpBMpDrzBnS7EaRTbQ2YJATtfy7n6juduqSe/03eErOrLtQcoFjjP98zX
> > //Nd671gxXEyt/lTxrpeK5ECgYBFbIFq7awFkCmLgjxi46HUVj3ILgQ1wt3vbrKP
> > h4kPBAgwG+jyiJVMratTCnYAp5Td7i988EyrhB0YKxgPlt7vOGnXMSlf0hqB3ERy
> > UDaJY9MF1+FwJMuEfP8jhZeCFvm9WPmag/LHfoVj6rFqy35BpJ8dNsrRSA/5w837
> > 98sLcQKBgBBfNJdPOGjgLZxLM5hXI88UkYFc3ppVh83SHSikKULO5d7wrWeQDR9V
> > u3t+sx8bl067E2dILPzTa9qLt3RO+GPCwOQMQUywNBh7jQ1BjaOg/4ctlJkjAdKo
> > x4hAG2dU5Z7iEob5AWpfv3+A5taS8P9RjI1O2jUwnTR84vqJtNx7
> > -----END RSA PRIVATE KEY-----
> >
> > Any ideas would be welcome
> >
> > Best Regards
> > Nick
> >
> >
>
>