On Tuesday, 23 January 2007 22:50, Alex Samad wrote:
>> - Edit the certificate to remove the key and rename:
>> #> vi newreq.pem
>> [...]
>> #> mv newreq.pem cert.pem
> don't you need to sign it here ?
Yes, as I say in my other mail, the problem is that I use "CA.pl -req" instead of "CA.pl -cert" (that generates an autosigned cert).
> can you tell me what happens when you run
> openssl x509 -in /etc/ldap/ssl/cert.pem -noout -text
> and if this works
> openssl rsa -in /etc/ldap/ssl/key.pem -noout -text
Now I've generated the autosigned certificate and slapd runs. My actual problem is that a few clients that I've probed (as Kaddressbook using an LDAP addressbook) refuse this certificate with the warning "Error in the certificate".
And if I do:
# ldapsearch -ZZ -h debian.domian.net -x * -LL -d 65535
I get:
[...]
TLS certificate verification: Error, self signed certificate
[...]
So I assume that most LDAP clients don't allow an autosigned certificate.
Anyway, I'm learning now about certificates, so I have to investigate first ;)
Thanks for all.
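
The checks discussed in this thread, as an added example that is not part of the original message: it confirms that a key matches its certificate, detects a self-signed certificate, and shows that such a certificate verifies only when the client's trust file contains it. The directory layout, subject names and function names are constructed for the example.

```shell
#!/bin/sh
# Added example; file names, CNs and the temp directory are constructed.

# Create a throwaway key and self-signed certificate in directory $1 with CN $2.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# True when subject and issuer names are identical (self-issued certificate).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)" ]
}

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    p=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$p" ] && [ "$p" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# True when certificate $2 verifies with the trust anchors in file $1
# (openssl may also consult its default CA directory).
verifies_with() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d) && mkdir "$work/server" "$work/other"
make_selfsigned "$work/server" "ldap.example.test"   # stands in for slapd's cert
make_selfsigned "$work/other" "Unrelated Test CA"    # what a client might trust instead

is_self_signed "$work/server/cert.pem" && echo "cert.pem is self-signed"
key_matches_cert "$work/server/key.pem" "$work/server/cert.pem" \
    && echo "key.pem matches cert.pem"
verifies_with "$work/other/cert.pem" "$work/server/cert.pem" \
    || echo "trust file without cert.pem: verification fails"
verifies_with "$work/server/cert.pem" "$work/server/cert.pem" \
    && echo "trust file containing cert.pem: verification OK"
```

For OpenLDAP clients such as ldapsearch, the trust file is the one named by TLS_CACERT in ldap.conf.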