Aleksander Adamowski wrote: > > However, whenever I try TLS on port 389 or SSL on port 636, OpenLDAP > uses its server certificate during TLS/SSL negotiation and Fedora > Directory decides that this certificate usage isn't good because it's > not a client certificate. In FDS logs I can see: > [..] > [14/Apr/2008:11:33:33 +0200] conn=1474 Netscape Portable Runtime error > -8101 (Certificate type not approved for application.); unauthenticated > client E=some_email,CN=hostname,ETC,ETC,; issuer E=ISSUER_DATA > [14/Apr/2008:11:33:33 +0200] conn=1474 op=-1 fd=65 closed - Certificate > type not approved for application. I guess this is because of wrong X.509v3 cert extensions. Maybe you should post a text dump of the public-key cert. openssl x509 -in certfilename.pem -noout -text Ciao, Michael.
