Hi, I want to import a personal cert generated lik this : * /usr/bin/openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in toutou.csr -req -out toutou.crt I make a PKCS12 export : * /usr/bin/openssl pkcs12 -export -in toutou.crt -inkey toutou.key -certfile ca.crt -name "toutou" -caname "toutou" -out toutou.p12 I introduce it in FDS db : * pk12util -d /etc/dirsrv/slapd-ldapnew -n "toutou" -i toutou.p12 I check import : * certutil -L -d /etc/dirsrv/slapd-ldapnew I configure FDS ti user SSL encryption with management console, and restart it. It fails with error : [27/Feb/2009:13:59:17 +0100] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert toutou of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8101 - Certificate type not approved for application.) [27/Feb/2009:13:59:17 +0100] - SSL failure: None of the cipher are valid What's wrong ? Is there any special option to give to openssl for generating cert ? BR, -- ========================================== Emmanuel BILLOT IRD - Orl?ans D?l?gation aux Syst?mes d'Information (DSI) t?l : 02 38 49 95 88 ==========================================
