Thanks Richard!
I created the certificate directly on a server srv-vm1.mu-example.vrn.ru
after start of service of certification.
Output command certutil -d . -P slapd-asterisk1- -L -n ad-cert:
[root at asterisk1 alias]# ../shared/bin/certutil -d . -P
slapd-asterisk1- -L -n ad-cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:bf:d5:d6:2d:48:c6:a7:47:f9:d4:a4:34:3f:ab:f3
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
Validity:
Not Before: Wed Jul 26 08:23:12 2006
Not After : Tue Jul 26 08:32:35 2011
Subject: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d1:05:76:84:a6:c9:37:65:1b:2c:69:94:71:74:09:82:
f9:88:a0:f9:4f:42:ac:20:2d:36:9c:dd:0d:19:1f:17:
2e:c2:7d:fc:28:bc:e0:ee:46:36:86:ae:59:c5:f4:76:
ed:46:5e:d6:8c:62:8b:f2:17:8d:a0:bf:d3:cf:0e:e3:
5e:e5:d7:b2:8c:31:8d:be:4e:2f:21:68:75:a4:b8:cd:
7f:e6:fa:95:22:48:44:97:d3:d8:7f:5f:a8:71:de:e1:
46:d2:0b:17:8d:94:a3:f8:d6:44:7d:7b:36:53:6d:66:
02:14:e8:d6:35:7d:3a:58:ca:c0:48:83:8c:17:61:6c:
a1:47:45:e2:76:ed:3b:16:d9:8f:16:5b:8d:4a:a5:49:
79:e5:c4:83:86:66:39:ce:8b:db:fe:3e:cd:35:0f:51:
d3:13:63:17:3f:5a:91:2c:ec:73:cc:38:df:44:c8:77:
4a:80:c8:10:37:fc:b1:66:59:85:9f:ac:3a:85:d9:c3:
97:8f:03:1b:35:85:48:1c:1b:2f:8c:ed:5f:82:93:be:
dd:0e:b1:19:5c:5f:da:fc:c8:49:a8:64:c4:eb:67:e9:
60:d3:49:3e:da:40:42:f7:a1:42:06:cd:8b:2f:e2:aa:
3e:21:f2:78:b3:37:fc:65:65:21:01:df:3e:c7:17:15
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Microsoft Enrollment Cert Type Extension
Data: "CA"
Name: Certificate Key Usage
Usages: Digital Signature
Certificate Signing
CRL Signing
Name: Certificate Basic Constraints
Critical: True
Data: Is a CA with no maximum path length.
Name: Certificate Subject Key ID
Data:
12:ab:df:2c:ec:92:bd:f0:94:29:d2:cf:a2:00:92:bc:
b6:35:ca:e5
Name: CRL Distribution Points
URI:
"ldap:///CN=srv-vm1,CN=srv-vm1,CN=CDP,CN=Public%20Key%20Serv
ices,CN=Services,CN=Configuration,DC=mup-example,DC=vrn,DC=ru
?certificateRevocationList?base?objectClass=cRLDistributionPo
int"
Name: Microsoft CertServ CA version
Data: 0 (0x0)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
20:87:df:98:51:90:d5:37:14:57:70:04:83:83:87:92:
ef:89:46:b7:3c:47:24:02:d9:28:d9:ee:57:07:1c:9e:
31:4e:c5:09:71:c7:fa:b1:d4:75:2c:d0:b1:c4:84:f1:
88:d5:bb:10:74:fe:1f:6d:8e:68:08:85:77:04:d4:8b:
7a:6c:aa:26:a0:d2:fa:7e:3f:f8:c9:d0:2b:e6:d5:ca:
79:49:31:9a:08:2c:72:43:5a:bb:58:fc:30:4e:15:29:
30:75:af:17:3a:7d:8b:07:4c:62:4d:7b:58:fb:a1:5d:
8d:b2:67:19:e0:bd:f6:e8:b9:a7:fc:e6:3c:23:b1:8d:
ce:44:ef:b3:68:8f:65:4c:ab:7b:b1:3e:b1:6d:2a:f0:
25:d4:8c:f1:c6:45:4e:3f:3e:1f:b6:90:8b:83:fb:32:
00:ec:3b:92:b5:2b:60:f6:ed:b1:fe:e8:45:ea:05:cd:
b7:03:34:bb:5e:87:9e:f2:a7:eb:0f:61:b3:24:41:5a:
97:18:fe:66:73:78:07:30:3a:8f:88:b3:94:5c:b5:4c:
cd:0e:cc:d2:3c:45:f2:e4:10:98:ac:68:5a:af:1f:29:
04:1c:fd:5b:a5:73:2e:5c:16:55:c3:36:64:e7:82:7b:
a0:78:aa:28:0e:e6:65:d4:e1:08:11:8b:14:2e:30:c1
Fingerprint (MD5):
36:D0:AF:D6:69:7C:8C:AF:32:72:04:D0:52:74:6B:F9
Fingerprint (SHA1):
29:D3:29:CE:70:B1:E9:0A:64:C7:63:A5:B1:95:3D:95:6D:A7:CF:08
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Trusted Client CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA
Safonov Alexey
-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
Megginson
Sent: Friday, August 04, 2006 7:46 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Error at work of the utility
ldapsearch.
One problem may be that you have to specify some additional option when
creating the MS CA cert or server certs issued by this CA. Is this a
root CA or did you get a CA certificate from somewhere else?
Do this:
cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P
slapd-asterisk1- -L -n ad-cert
Safonov Alexey wrote:
> Thanks Richard!
>
> In my opinion it the certificate of the CA. Certificates you can see
details
> of reception of it on a screenshot (see the attached file)
>
> Safonov Alexey
>
