Hello Hauke, Thank you for the answer. I managed to get an openssl client working with the ldap server using the following command openssl s_client -connect <myserver>:636 -CAfile <my CAfile> and it works fine. I get the following message at the end Verify return code: 0 (ok) for some reason my ldap client seems to have problems, and I still get the same errors mentioned in previous emails. By the way in order to get the s_client work I needed to switch to ldaps instead of ldap. If I find a solution I will let you people know. By the way thank you for the tutorial, I will try to translate it and read it because there is a lot I dont understand about certificates
Best Regards Nick
On Fri, 2008-10-03 at 16:34 +0200, Hauke Coltzau wrote:
Hi Nick,
just to make sure: Your CA certificate is not the same as your ldap server certificate, is it? If so, then there will be the problem. To get a proper server certificate, you will have to do the following steps:
Create a root CA (that means, create a self signed certificate)
Using your root CA, create a CA for your server certificate generation and, if needed, a user CA for your user certificate generation
Now you have two certificates, already. A root CA cert and a server CA cert. Still, those are not your ldap server certificates.
With your server CA (NOT the root ca), create a server certificate for ldap.
Copy the server CA certificate and the root CA certificate into one file and call it something like serverca.chain.pem. This is NOT your ldap server certificate but the certification authority, your client will trust.
The serverca.chain.pem is to be copied to your ldap client and will be used as CACertFile. So if the client receives the ldap server cert, it can check that it came from a trusted CA and therefore can be accpeted.
There is a very good tutorial for the CA creation available at http://fra.nksteidl.de/Erinnerungen/OpenSSL.php, but it is in German. I used that tutorial and it worked out perfectly.
Hope, it helps,
Hauke
----- Ursprüngliche Mail ----- Von: "Nick Kasparidis" nick.kasparidis@toumaz.com An: "Hauke Coltzau" hauke.coltzau@FernUni-Hagen.de CC: "openldap-technical" openldap-technical@openldap.org Gesendet: Donnerstag, 2. Oktober 2008 12:04:43 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien Betreff: Re: AW: openldap and TLS certificates
Hello again, I followed your instructions, and I keep getting the same errors. I have also tried to remove the entries before the actual certificate and still no change. There was another suggestion on generating the certificates. I will try that and hope for the best.
Thanks for the help Nick
On Tue, 2008-09-30 at 02:10 +0200, Hauke Coltzau wrote:
Hi Nick,
it took me some time to set up TLS successfully, so I'm with you in this journey ;-)
From my own experience, I would suggest to start verfifying
the server first. Let the client simply have the
TLS_CACERT /<path>/<to>/<cachain>/cacert.chain.pem TLS_REQCERT demand
options set and not send any certificate at all. On the server's side, only set
TLSCertificateFile /your/cert.pem TLSCertificateKeyFile /your/private/key.pem
You will not need a CACert file on the server for now.
Make sure that the client will not send any certificate, so check your current users .ldaprc, because the client certificate depends on the user that runs the ldapsearch command.
If you can set up TLS this way, you can be sure that the server is valid. To validate your client, you will need a .ldaprc in the current user's home directory which points to the user's cert and key. The server must be able to verify the user's cert.
Hope, this helps,
Hauke
----- Ursprüngliche Mail ----- Von: "Nick Kasparidis" nick.kasparidis@toumaz.com An: openldap-technical@openldap.org Gesendet: Montag, 29. September 2008 17:11:10 GMT +01:00 Amsterdam/Berlin/Bern/Rom/Stockholm/Wien Betreff: openldap and TLS certificates
Hello everyone, I seem to have a problem with setting up secure connections with my LDAP server. I believe the problem has mainly to do with my certificates rather than anything else. I used the tutorial provided by the openLDAP admin guide to generate my certificates http://damncoolpics.blogspot.com/2008/09/oktoberfest-2008-in-munich.html
My slapd.conf files has the following entries
#SSL/TLS Options TLSCipherSuite HIGH:MEDIUM TLSCACertificateFile /usr/local/etc/slapd-cacert.pem TLSCertificateFile /usr/local/etc/slapd-cert.pem TLSCertificateKeyFile /usr/local/etc/slapd-key.pem
and my ldap.conf TLS_CACERTDIR /etc/openldap/cacerts TLS_CACERT /etc/openldap/cacerts/slapd-cert.pem
slapd-cacert.pem is the certificate of the CA slapd-cert.pem is the server certificate (same copy on client and server) slapd-key.pem is the server key (I manually removed the certificate request that was generated by the process on the link above)
I start the server using /usr/local/libexec/slapd -h ldap:/// ( also tried the -d 9 flag for debugging), and when I use ldapsearch I get the following errors
(from the client) ldapsearch -x -ZZ (I have most of the settings in my ldap.conf)
ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
(from the server with the -d 9 flag) I get load of stuff, but the important seems to be the following
TLS trace: SSL3 alert read:fatal:unknown CA TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept. TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1053 connection_read(12): TLS accept failure error=-1 id=0, closing
When I try a search without the -ZZ flag everything works fine. When I created the certificates I tried different common names. I tried the ip address, fully qualified name (as shown below), the short name, even my name, but no luck. I have read the proper RFC but could not get anyusefull information. By the way I have a local DNS server and the domain name should match the correct IP address (and the reverse).
Truth is I do not know much about SSL and certificates, so I might be missing something. Just for your information, The certificate authority is the same with the LDAP server. I will provide the certificate below, with email and addresses altered. Also the hashes have been altered so key and cert will not match. I merely provide them just in case you see something wrong in the syntax.
The server certificate
Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT, CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com Validity Not Before: Sep 29 09:49:07 2008 GMT Not After : Sep 29 09:49:07 2009 GMT Subject: C=GB, ST=Oxfordshire, L=Abingdon, O=Company,, OU=IT, CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:c4:4d:49:ce:35:a6:80:67:d5:c5:ea:2e:5a:b0: 0f:96:a2:de:28:c3:97:fc:5d:9d:05:57:ae:a8:db: d4:cd:8c:bb:1d:4d:2c:41:51:45:0e:c9:17:8f:a0: 5b:bb:a0:5e:d3:d7:5d:a4:64:dd:23:9a:64:ad:dc: 7b:49:5a:92:68:65:32:6c:0c:50:84:8a:75:26:da: 76:7f:65:13:14:0a:05:eb:5e:d3:f7:1e:89:7f:a2: d8:1b:4a:46:28:ee:98:5f:f9:bd:21:88:df:76:5c: b9:8e:7e:5b:09:29:65:e7:6b:a7:5b:5f:4a:99:77: 7d:6c:d1:44:7e:7a:77:05:fe:1c:b9:6d:2b:e2:57: 63:63:29:b3:cb:c6:68:35:b5:81:fa:ef:ee:ba:c0: 54:3e:d8:70:0a:f6:c9:39:74:21:f8:75:b9:08:89: 6a:5e:e3:fe:1e:5e:37:b0:29:2d:13:35:b4:7c:aa: 55:3e:c3:c4:59:cd:08:e1:ef:21:43:29:0f:82:8f: 84:7d:f2:65:b5:79:2e:fc:87:7c:7d:ca:fb:7a:ef: 54:c4:33:20:ed:f5:8a:64:de:60:18:60:07:ee:f9: ea:0f:97:bf:af:63:e1:e4:e8:b2:15:1b:5f:95:fd: ad:c7:83:8c:94:f3:e4:ef:95:63:f0:d4:a8:f8:49: 13:05 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier:
1F:9F:4E:5A:C8:61:53:4B:5F:50:28:84:F8:D7:45:54:C0:C9:7E:67 X509v3 Authority Key Identifier:
keyid:7C:5A:92:7E:5C:6B:3E:9B:0E:87:46:7C:FB:27:8F:34:AD:42:3B:27
Signature Algorithm: sha1WithRSAEncryption 04:3d:f9:64:e9:c1:13:8c:98:e6:b6:33:a9:e0:8b:8e:b0:68: 2f:70:8e:8e:b4:b2:6f:61:7c:bd:63:f2:cb:20:b8:6e:4f:0a: 53:5f:ba:ed:32:20:c7:31:24:0c:c3:e8:d6:42:1c:a8:3e:7b: 32:b4:87:94:71:d6:8b:ca:c9:57:f5:9f:fc:8d:89:77:e2:3e: ac:49:cd:c8:c7:01:83:41:41:a6:05:7c:df:c6:37:0e:15:d8: d2:51:3f:a5:92:b7:bf:3f:65:4e:68:71:b7:4e:3e:26:f6:15: fe:38:72:e1:f9:b7:60:29:e8:ff:78:3c:aa:34:be:e8:46:f1: 5f:87:8b:a1:60:8b:82:31:ca:5e:a1:31:83:e7:b7:90:be:a5: 2f:ac:f7:1c:fe:af:89:15:02:af:c7:4f:2f:97:87:2b:0b:83: 5c:07:83:f9:f9:c7:63:00:69:fa:c9:d0:fc:fb:7a:ef:7a:41: 1c:e0:99:e4:01:73:7f:94:fa:2c:12:0f:8e:3f:8f:b4:9b:b6: 85:42:90:1a:aa:d6:11:9b:49:db:83:f9:19:1e:dd:8b:0a:c7: b5:c0:5c:06:78:ca:f1:75:f9:8b:eb:c0:94:b0:3f:96:fc:b8: 88:7c:52:46:ad:ab:bb:22:52:c1:31:dc:87:a7:c9:bd:de:98: bd:76:45:2b-----BEGIN CERTIFICATE----- MIIESTCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYdVQQKExlUb3VtYXogVGVjaG5vbG9n eSBMaW8pdGVkMQswCQYDVQQLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv bTAeFw0wODA5MjkwOTQ5MDdaFw0wOTA5MjkwOTQ5MDdaMIGyMQswCQYDVQQGEwJH QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxETAPBgNVBAcTCEFiaW5nZG9uMSIwIAYD VQQKExlUb3VtYXogVGVjaG5vbG9neSBMaW1pdGVkMQswCQYDVQQLEwJJVDEeMBwG A1UEAxMVbWFnZ2llLmVuZy50b3VtYXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNr Lmthc3BhcmlkaXNAdG91bWF6LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAMRNSc41poBn1cXqLlqwD5ai3ijDl&xdnQVXrqjb1M2cux1NLEFRRQ7J F4+gW7ugXtPXXaRk3SOaZK3ce0lakmhlMmwMUISKdSbadn9lExQKBete0/ceiX+i 2BtKRijumF/5vSGI33ZcuY5+WwkpZedrp1tfSpl3fWzRRH56dwX+3LltK+JXY2Mp s8vGaDW1gfrv7rrAVD7YcAr2yTl0Ifh1uQiJal7j/h5eN7ApLRM1tHyqVT7DxFnN COHvIUMpD4KPhH3yZbV5LvgHfH3K+3rvVMQzIO31imTeYBdgB+756g+Xv69j4eTo shUbX5X9rceCjJTz5O+VY/DUqPhJEwUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglg hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O BBYEFB+fXlrIYVNLX1AphPjXRVTAyX9nMB8GA1UdIwQYMBaAFHxakn5cWz6bDodG fPsnjzSuQjsnMA0GCSqGSIb3DQEBBQUAA4IBAQAEPflk6cETjJjmtjOp4IuOsGgv cI6OtLNvYXy9Y/LLILhuTwpTX7rtMiDGMCQMw+jWQhyoPnsytIeUcdaLyslX9Z/8 jYl34j6sSc3IxwGDQUGmBXzPxjcOFdjSUT+lkre/P2VOaHG3Tj4m9hX+OHLh+bdg Kej/eDyqNL7oRvFfh4uhYIuCMcpeoTGD57eQvQUvrPcc/q+JFQKvx08vl4crC4NM B4P5+cdjAGn6ydD8+3rvekEc4JnkAXN/lPosEg+OP4+0m7aFQpAaqtYRmknbg/kZ Ht2LCse1wFwGeMrxdfmL68CUsD+W/LiIfFJGrau7IlLBMdyHp8m93pi9dkUr -----END CERTIFICATE-----
The CA certificate
Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Oxfordshire, O=Company, OU=IT, CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com Validity Not Before: Sep 29 09:48:17 2008 GMT Not After : Sep 29 09:48:17 2011 GMT Subject: C=GB, ST=Oxfordshire, O=Company, OU=IT, CN=ldapserver.eng.mydomain.com/emailAddress=admin@mydomain.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a6:6e:3b:1f:87:e9:1a:c9:e9:5c:3a:b8:96:19: af:c9:e7:41:87:72:76:55:a8:fc:db:3c:05:55:9c: 25:8f:83:5b:35:05:9f:cb:7b:4e:9b:3a:84:98:60: 46:d5:79:be:c1:4c:b5:ea:cd:79:2b:c2:33:86:05: 67:98:e4:62:77:d7:cf:98:c3:52:93:6c:ba:1c:fc: a3:f9:81:26:ea:d8:a1:56:cd:74:f5:47:fe:0f:8d: 95:7a:b7:8b:14:25:e7:9d:e2:e7:46:a2:d6:90:4c: 25:94:16:20:51:78:6a:68:da:e0:06:2c:45:4e:27: c4:2b:8b:bc:a9:e2:fb:c5:c1:8b:9d:33:5f:e3:be: d1:f5:53:9d:2b:0c:bf:2a:95:e6:57:29:5e:ef:ab: 3a:e9:33:09:00:c3:7d:94:aa:a9:b4:3c:08:9d:e8: e6:92:f2:60:03:ed:12:1d:df:81:9f:a7:d2:81:7f: 3e:8b:fa:a4:01:ba:c1:49:1c:51:02:c6:54:3c:48: 9a:3f:18:54:04:35:c4:e1:c7:12:f6:7a:26:7e:47: 04:e6:f8:fc:ed:8c:2e:17:05:62:b6:73:9a:4e:52: 10:17:92:52:38:3a:4d:2d:32:ab:76:c8:61:ab:36: cd:52:f9:95:bb:87:63:ad:5d:d3:d0:f9:6f:06:a6: 29:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier:
7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27 X509v3 Authority Key Identifier:
keyid:7C:5A:92:7E:5C:5B:3E:9B:0E:87:46:7C:FB:27:8F:34:AE:42:3B:27
Signature Algorithm: sha1WithRSAEncryption 2b:b9:65:09:2d:ff:c0:80:dd:e0:f4:d0:01:9a:87:b9:da:54: d2:f1:e4:0a:56:0b:cf:31:55:97:9f:93:62:df:59:3d:11:5b: 06:6c:e7:f9:56:9b:c8:e8:e0:77:54:12:5b:ca:98:f9:c7:fa: c6:41:45:6d:14:31:2d:d6:19:a8:41:ba:89:55:5a:7f:5c:79: 1b:05:36:d7:e4:00:7b:e7:ae:5e:56:74:12:f9:fa:ab:63:0f: f6:8e:97:cc:53:d3:91:7e:4b:48:6e:15:27:bc:73:4a:68:1f: ff:36:67:b2:fa:6b:38:40:0c:f2:99:5f:75:2a:4f:27:21:a8: fb:b5:9a:c3:7a:05:a5:45:03:3f:cf:85:21:eb:42:69:23:af: d5:b8:32:17:4e:a5:52:c2:3e:01:bd:1f:f2:1a:b6:f0:f8:8f: d9:d0:70:30:08:39:37:42:84:42:67:27:74:16:be:e7:2d:0f: 54:e8:3d:8b:6f:6c:76:a6:39:d9:df:e4:b9:33:9a:92:5b:3e: b2:6a:8a:8f:2e:9c:3a:01:54:c7:3e:0e:f4:45:9c:bd:f6:39: e9:8c:9d:95:60:e7:2a:10:f6:ac:4a:a2:b7:16:bf:06:44:76: 4b:5d:51:5a:0b:82:b0:53:f6:4a:d7:04:f0:85:7e:34:c6:fc: 50:1a:c4:b3-----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMCR0Ix FDASBgNVBAgTC094Zm9yZHNoaXJlMSIwIAYDVQQKExlUb3VtYXogVGVjaG5vbG9n eSBMaW1pdGVkMQswCQYDV1QLEwJJVDEeMBwGA1UEAxMVbWFnZ2llLmVuZy50b3Vt YXouY29tMSkwJwYJKoZIhvcNAQkBFhpuaWNrLmthc3BhcmlkaXNAdG91bWF6LmNv bTAeFw0wODA5MjkwOTQ4MTdaFw0xMTA5MjkwOTQ4MTdaMIGfMQswCQYDVQQGEwJH QjEUMBIGA1UECBMLT3hmb3Jkc2hpcmUxIjAgBgNVBAoTGVRvdW1heiBUZWNobm9s b2d5IExpbWl0ZWQxCzAJBgNVBAsTAklUMR4wHAYDVQQDExVtYWdnaWUuZW5nLnRv dW1hei5jb20xKTAnBgkqhki39w0BCQEWGm5pY2sua2Fz5GFyaWRpc0B0b3VtYXou Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApm47H4fpGsnpXDq4 lhmvyedAh3J2Vaj82zwFVZwlj4NbNQWfy3tOmzqEmGBG1Xm+wUy16s15K8IzhgVn mORid9fPmMNSk2y6HPyj+YEm6tihVs109Uf+D42VereLFCHnneLnRqLWkEwllBYg UXhqaNrgBixFTifEK4u8qeL7xUGLnTNf477R9VOdKwy/KpXmVyle76s66TMJAMN9 lKqptDwInejmkvJgA+0SHd+Bn6fSgX8+i/qkAbrBSRxRAsZUPEia3xhUBDXE4ccS 9nomfkcE5vj87YwuFwVitnOZTlIQF5JSODpNLTKrdsHhqzbNUvmVu4djrV3T0Plv BqYpbwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM IEdlbmVyYXRlZC5DZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfFqSflxbPpsOh0Z8+yeP NK5COycwHwYDVR0jBBgwFoAUfFqSflxbPpsOh0Z8+yePNK5COycwDQYJKoZIhvcN AQEFBQADggEBACu5ZQkt/8CA3eD00AGah7naVNLx5ApWC88xVZefk2LfWT0RWwZs H/lWm8jo4HdUElvKmPnH+sZBRW0UMS3WGahBuolVWn9ceRsFNtfkAHvnrl5WdBL5 +qtjD4aOl8xT05F+S0huFSe8c0poH/82Z7L6azhADPKZ73UqTychTPu1msN6BaVF Az/PhSHrQmkj39W4MhdOpFLCPgG9H/IatvD4j9nQcDAIOTdChEJnJ3QWvuctD1To PYtvbHamOdnf5LkzmpJbPrJiio8unDoBVMc+DvRFnL32OemMnzVg5yoQ9qxKorcW vwZEdktdUVoLgrBT9krXBPCFfjTG/FAaxLM= -----END CERTIFICATE-----
and finally the server key, which I modified slightly be removing a certificate request entry
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAxE1JzjWmgGfVxeouWrAPlqLeKMOX/F2dBVeuqNvUzZy7HU0s QVFFDskXj6B9u6Be09ddpGTdI5pkrdx7SVqSaGUybAxQhIp1Jtp2f2UTFAoF617T 9x6Jf6LYG0pGKO6YX/m9IYjfdly5jn5bCSll52unW19KmXd9bNFEfnp3Bf7cuW0r 4ldjYymzy8ZoNbWB+u/uusBUPthwCvbJOXQh+HW5CIlqXuP+Hl43bCktEzW0fKpV PsPEWc0I4e8hQykPgo+EffJltXku/Id8fcr7eu9UxDMg7fWKZN5gF2AH7vnqD5e/ r2Ph5OiyFRtflf2tx4KMlPPk75Vj8NSo+EkTBQIDAQABAoIBAFkajAniKHXYrBxu NCRODoVd4GG4huCyzXeDWXCkeG/sWLLwOMpdTW9ssBktvPXp0aFu/L6GWiqzBkg0 8HFXf2WLqduJq3K+NncwauFgy8wo0I8KOETPw7IABQA+MqKZyuilv8fdDTH43PFl QYVjGTJ2lzzOgFow9unSA7k1dZluTeMyE+RzpVYwE/WSgsOFa7qYQnCXy0hlx85u /SNU5383/v1cvrSghDCbZ2WrllHAerjUep1FNDounGkhiWj+JWUfddL7zYM+KVdJ AKRaxeYo+UTAVa9rd9D8qgZo5oIJ6l53bvobkwcrVnAoYPxtzAjhcBhgtQjXSXrJ YrHhKQECgYEAavUIAaT/XfHDXuXYMHnSf/ZgAqipOv36OPPnXnpg0yZbyLs/dgN6 GYVBtvd3ugfQ3ZEUfOwYw2wVq6hItq6+lQRjL+G5IsoeyKJXGIpBdlr7Yhhes1gv 4R5nGB97+F9kBVEmDephg0K++EeKRZMpzUgn1cBvBXrcfJsUc8OAFbUCgYEAy31q k8HXBltJz7QQxmXLZogFkb0dxxXUrax202e6XsqroUpmUWx1n75TVnnP4QNH0Tqx 8EQTDMZzQRHgFidwLAzhpI16Ex1fLfSw/lMQij7ojxtGp8LbC057dGpseBxwTPjP I5dpdIl2Mt8HeH5qMiizRls1EcSu1RK9cPhOWhECgjEAtU+pFSwCoQKDIgU1+EE4 nuJQEyOpO7qEH5RS5jaLJ/sdn/551TcwSdRgLuj5agea/VEq7ZyZgcC1GFZxLE6X dejGubzLpBMpDrzBnS7EaRTbQ2YJATtfy7n6juduqSe/03eErOrLtQcoFjjP98zX //Nd671gxXEyt/lTxrpeK5ECgYBFbIFq7awFkCmLgjxi46HUVj3ILgQ1wt3vbrKP h4kPBAgwG+jyiJVMratTCnYAp5Td7i988EyrhB0YKxgPlt7vOGnXMSlf0hqB3ERy UDaJY9MF1+FwJMuEfP8jhZeCFvm9WPmag/LHfoVj6rFqy35BpJ8dNsrRSA/5w837 98sLcQKBgBBfNJdPOGjgLZxLM5hXI88UkYFc3ppVh83SHSikKULO5d7wrWeQDR9V u3t+sx8bl067E2dILPzTa9qLt3RO+GPCwOQMQUywNBh7jQ1BjaOg/4ctlJkjAdKo x4hAG2dU5Z7iEob5AWpfv3+A5taS8P9RjI1O2jUwnTR84vqJtNx7 -----END RSA PRIVATE KEY-----
Any ideas would be welcome
Best Regards Nick