
Re: StartTLS is not working



Hi Dat,

First of all: please send your questions to the list so that
other users with the same problem can find the solution, too.

To your problem: Please make sure that you have a correct
value for your ServerCA's private key in your openssl.cnf. It
should read something like this:


[ ServerCA ]

# Where is the base directory for the ServerCA
dir             = /usr/lib/ssl/ServerCA

# Where is the ServerCA's certificate
certificate     = $dir/ServerCA.cert.pem

# and where is the ServerCA's private key
private_key     = $dir/private/ServerCA.key.pem


Without the private key, the ServerCA will not be
able to sign your LDAP certificate. You will find more
configuration hints for openssl.cnf in the tutorial.

Hope this helps,

Hauke

-- 


----- Original Message -----
From: "Dat Duong" <datduong2000@yahoo.com>
To: "hauke coltzau" <hauke.coltzau@FernUni-Hagen.de>
Sent: Tuesday, 7 October 2008 09:06:07 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: StartTLS is not working



Hi Hauke, 

I read your instructions on how to create a Root CA ... I have a hard time understanding the step. I have a question on how to sign the LDAP server certificate using the Server CA. I get an error message:

bash-3.00# openssl ca -name ServerCA -in afldap01.req.pem -out afldap01.cert.pem 

Using configuration from /usr/local/ssl/openssl.cnf 
variable lookup failed for ServerCA::private_key 
18908:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=ServerCA name=private_key 

Thanks 
Dat 

-- 
------------------------------------
      Fernuniversität in Hagen
   Lehrgebiet Kommunikationsnetze
   http://www.fernuni-hagen.de/kn

 Fon/Fax: +49 2331 987 -1142 / -353
------------------------------------
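
Added example (not part of the original mail or of the tutorial it refers to): a small Python pre-flight check for the situation in this thread. It reports when the CA section passed to `openssl ca -name` lacks `certificate` or `private_key`, or points them at files that do not exist. The function names, the simplified parser and the temporary directory standing in for the ServerCA base directory are assumptions made for illustration.

```python
import os
import re
import tempfile

REQUIRED = ("certificate", "private_key")  # the two file settings shown in the reply

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {name: value}}.
    Simplified: '#' always starts a comment; no .include or quoting support."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            scope = {**sections["default"], **sections[current]}
            # Expand $var / ${var} from values defined earlier in the file.
            value = re.sub(r"\$\{?(\w+)\}?", lambda m: scope.get(m.group(1), m.group(0)), value)
            sections[current][name] = value
    return sections

def check_ca_section(text, section):
    """Return problems that keep the CA key or certificate from being found."""
    sections = parse_cnf(text)
    # OpenSSL looks a name up in the named section first, then in the default section.
    scope = {**sections["default"], **sections.get(section, {})}
    problems = []
    for name in REQUIRED:
        if name not in scope:
            problems.append(f"{section}::{name} is not set")
        elif not os.path.isfile(scope[name]):
            problems.append(f"{section}::{name} points to a missing file: {scope[name]}")
    return problems

def demo():
    """Run the check on a constructed broken and a constructed corrected section."""
    with tempfile.TemporaryDirectory() as ca_dir:  # stands in for the ServerCA base directory
        os.mkdir(os.path.join(ca_dir, "private"))
        for rel in ("ServerCA.cert.pem", "private/ServerCA.key.pem"):
            open(os.path.join(ca_dir, rel), "w").close()  # empty placeholder files
        broken = f"[ ServerCA ]\ndir = {ca_dir}\ncertificate = $dir/ServerCA.cert.pem\n"
        fixed = broken + "private_key = $dir/private/ServerCA.key.pem\n"
        return check_ca_section(broken, "ServerCA"), check_ca_section(fixed, "ServerCA")

if __name__ == "__main__":
    print(demo())
```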