Thread: ldap and certificate




ldap and certificate
user name
2007-04-16 11:08:56
I want my linux box logging in using ldap on ssl with self-signed
certificate. I read a lot of documents, but I can't get over a problem.

I created my own CA on my ldap server and I'm signing my certificates.
Then I requested a certificate for my client using fedora directory
browser, manage certificate's option. I signed it with my CA and then I
put it on my client. I installed my CA in DS using the gui.
My DS seems to recognize, now, my certificate. In fact, it doesn't tell
me anymore he doesn't recognize peer. It seems to go, on server side. I
increased log level on client and now I can see these messages:

TLS certificate verification: Error, self signed certificate in certificate chain
TLS certificate verification: Error, invalid CA certificate
TLS certificate verification: Error, unsupported certificate purpose
TLS: unable to get peer certificate.
request done: ld 0x83f2ee0 msgid 1

I don't know what it is and I wanna tell you I used the howto on fedora
directory server's site for making and importing the self signed
certificate, but maybe I don't understand something....

Can anyone help me with this please??

Thanks in advance.
Paolo

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Re: ldap and certificate
user name
2007-04-16 22:10:37
I've written a guide to get the LDAPS working with self signed
certificates which shows all the steps involved from certificate creation
to LDAPS from a to z.

The guide you find is located here

http://www.csse.uwa.edu.au/~ashley/
Hope that helps.

Regards Ashley



On Mon, 16 Apr 2007, Paolo Ercolani wrote:

> I want my linux box logging in using ldap on ssl with self-signed
> certificate. I read a lot of documents, but I can't get over a problem.
>
> I created my own CA on my ldap server and I'm signing my certificates.
> Then I requested a certificate for my client using fedora directory
> browser, manage certificate's option. I signed it with my CA and then I
> put it on my client. I installed my CA in DS using the gui.
> My DS seems to recognize, now, my certificate. In fact, it doesn't tell
> me anymore he doesn't recognize peer. It seems to go, on server side. I
> increased log level on client and now I can see these messages:
>
> TLS certificate verification: Error, self signed certificate in certificate chain
> TLS certificate verification: Error, invalid CA certificate
> TLS certificate verification: Error, unsupported certificate purpose
> TLS: unable to get peer certificate.
> request done: ld 0x83f2ee0 msgid 1
>
> I don't know what it is and I wanna tell you I used the howto on fedora
> directory server's site for making and importing the self signed
> certificate, but maybe I don't understand something....
>
> Can anyone help me with this please??
>
> Thanks in advance.
> Paolo

-- 
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley

"There is no such thing as Fate, Fate is what you make of it!"
