11:08 a.m.
I want my linux box logging in using ldap on ssl with self-signed
certificate. I read a lot of documents, but i can't get over a problem.
I created my own CA on my ldap server and i'm signing my certificates.
Then i requested a certificate for my client using fedora directory
browser, manage certificate's option. I signed it with my CA and then i
put it on my client. I installed my CA in DS using the gui.
My DS seems to recognize, now, my certificate. Infact, it doesn't tell
me anymore he doesn't recognize peer. It seems to go, on server side. I
increased log level on client and now i can see these messages:
TLS certificate verification: Error, self signed certificate in
certificate chain
TLS certificate verification: Error, invalid CA certificate
TLS certificate verification: Error, unsupported certificate purpose
TLS: unable to get peer certificate.
request done: ld 0x83f2ee0 msgid 1
I don't know what it is and i wanna tell you i used the howto on fedora
directory server's site for making and importing the self signed
certificate, but maybe i don't understand something....
Can anyone help me with this please??
Thanks in advance.
Paolo
10:10 p.m.
I've written a guide to get the LDAPS working with self signed
certificates which show all the steps involved from certificate creation
to LDAPS from a to z.
The guide you find is located here
http://www.csse.uwa.edu.au/~ashley/
Hope that helps.
Regards Ashley
On Mon, 16 Apr 2007, Paolo Ercolani wrote:
I want my linux box logging in using ldap on ssl with self-signed
certificate. I read a lot of documents, but i can't get over a problem.
I created my own CA on my ldap server and i'm signing my certificates. Then i
requested a certificate for my client using fedora directory browser, manage
certificate's option. I signed it with my CA and then i put it on my client.
I installed my CA in DS using the gui.
My DS seems to recognize, now, my certificate. Infact, it doesn't tell me
anymore he doesn't recognize peer. It seems to go, on server side. I
increased log level on client and now i can see these messages:
TLS certificate verification: Error, self signed certificate in certificate
chain
TLS certificate verification: Error, invalid CA certificate
TLS certificate verification: Error, unsupported certificate purpose
TLS: unable to get peer certificate.
request done: ld 0x83f2ee0 msgid 1
I don't know what it is and i wanna tell you i used the howto on fedora
directory server's site for making and importing the self signed certificate,
but maybe i don't understand something....
Can anyone help me with this please??
Thanks in advance.
Paolo
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
!DSPAM:272,4623a5e1248941804284693!
--
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[(a)]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley
"There is no such thing as Fate, Fate is what you make of it!"
2:10 p.m.
I get no reply, via ping or browser, from that address.
Cheers,
Greg Copeland
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-
users-bounces(a)redhat.com] On Behalf Of ashley
Sent: Monday, April 16, 2007 10:11 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] ldap and certificate
I've written a guide to get the LDAPS working with self signed
certificates which show all the steps involved from certificate
creation
to LDAPS from a to z.
The guide you find is located here
http://www.csse.uwa.edu.au/~ashley/
11:52 p.m.
Sorry our optic fibre link was down. So hence even though our server was
up you can't get to it.
Well our link is back up, so it should be there.
Cheers then, Ashley
On Tue, 17 Apr 2007, Greg Copeland wrote:
I get no reply, via ping or browser, from that address.
Cheers,
Greg Copeland
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-
> users-bounces(a)redhat.com] On Behalf Of ashley
> Sent: Monday, April 16, 2007 10:11 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] ldap and certificate
>
>
> I've written a guide to get the LDAPS working with self signed
> certificates which show all the steps involved from certificate
creation
> to LDAPS from a to z.
>
> The guide you find is located here
>
> http://www.csse.uwa.edu.au/~ashley/
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
!DSPAM:272,462586ab275702143498666!
--
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[(a)]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley
"There is no such thing as Fate, Fate is what you make of it!"
2:02 p.m.
I'm walking through
http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-26072006.html. I
have attempted it several times and each time it fails in the exact same
place. I get "pk12util-bin: PKCS12 decode import bags failed: You are
attempting to import a cert with the same issuer/serial as an existing
cert, but that is not the same cert." It fails for the same reason
every time.
I can get only one of the two certificates imported into each of the two
databases. Each time, I can only import the "DS-Server-Cert". The
other fails as above. I can confirm the DS-Server-Cert has been added
via the GUI interface.
[root@host fedora-ds]# /opt/fedora-ds/shared/bin/pk12util -i
/tmp/ldap/server.p12 -d alias -P admin-serv-host-
Enter Password or Pin for "NSS Certificate DB":
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
pk12util-bin: PKCS12 IMPORT SUCCESSFUL
[root@host fedora-ds]# /opt/fedora-ds/shared/bin/pk12util -i
/tmp/admingui/server.p12 -d alias -P admin-serv-host-
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
pk12util-bin: PKCS12 decode import bags failed: You are attempting to
import a cert with the same issuer/serial as an existing cert, but that
is not the same cert.
Cheers,
Greg Copeland
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-
users-bounces(a)redhat.com] On Behalf Of ashley
Sent: Tuesday, April 17, 2007 11:53 PM
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] ldap and certificate
Sorry our optic fibre link was down. So hence even though our server
was
up you can't get to it.
Well our link is back up, so it should be there.
Cheers then, Ashley
On Tue, 17 Apr 2007, Greg Copeland wrote:
> I get no reply, via ping or browser, from that address.
>
>
> Cheers,
>
> Greg Copeland
>
>> -----Original Message-----
>> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:fedora-directory-
>> users-bounces(a)redhat.com] On Behalf Of ashley
>> Sent: Monday, April 16, 2007 10:11 PM
>> To: General discussion list for the Fedora Directory server
project.
>> Subject: Re: [Fedora-directory-users] ldap and certificate
>>
>>
>> I've written a guide to get the LDAPS working with self signed
>> certificates which show all the steps involved from certificate
> creation
>> to LDAPS from a to z.
>>
>> The guide you find is located here
>>
>> http://www.csse.uwa.edu.au/~ashley/
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> !DSPAM:272,462586ab275702143498666!
>
--
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[(a)]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley
"There is no such thing as Fate, Fate is what you make of it!"
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
6216
days inactive
6218
days old
389-users@lists.fedoraproject.org
4 comments
3 participants
participants (3)
-
ashley -
Greg Copeland -
Paolo Ercolani