7 Oct
2008
7 Oct
'08
1:25 a.m.
Hi Dat,
first of all: Please send your questions to the list so that other users with the same problem can find the solution, too.
To your problem: Please make sure that you have a correct value for your ServerCA's private key in your openssl.cnf. It should read something like this:
[ ServerCA ]
# Where is the base directory for the ServerCA dir = /usr/lib/ssl/ServerCA
# Where is the ServerCA's certificate certificate = $dir/ServerCA.cert.pem
# and where is the ServerCA's private key private_key = $dir/private/ServerCA.key.pem
Without the private key, the ServerCA will not be able to sign your LDAP certificate. You will find more configuration hints for openssl.cnf in the tutorial.
Hope this helps,
Hauke
--
----- Ursprüngliche Mail -----
Von: "Dat Duong" datduong2000@yahoo.com
An: "hauke coltzau" hauke.coltzau@FernUni-Hagen.de
Gesendet: Dienstag, 7. Oktober 2008 09:06:07 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien
Betreff: StartTLS is not working
Hi Hauke,
I read your instruction on how to create Root CA ...I have a hard time understanding the step. I have a question on how to sign the ldap server certificated using Server CA? I get an error message:
bash-3.00# openssl ca -name ServerCA -in afldap01.req.pem -out afldap01.cert.pem
Using configuration from /usr/local/ssl/openssl.cnf
variable lookup failed for ServerCA::private_key
18908:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=ServerCA name=private_key
Thanks
Dat
--
------------------------------------
Fernuniversität in Hagen
Lehrgebiet Kommunikationsnetze
http://www.fernuni-hagen.de/kn
Fon/Fax: +49 2331 987 -1142 / -353
------------------------------------