Re: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Aleksander Adamowski wrote:
However, whenever I try TLS on port 389 or SSL on port 636, OpenLDAP uses its server certificate during TLS/SSL negotiation and Fedora Directory decides that this certificate usage isn't good because it's not a client certificate. In FDS logs I can see: 
[..]
[14/Apr/2008:11:33:33 +0200] conn=1474 Netscape Portable Runtime error -8101 (Certificate type not approved for application.); unauthenticated client E=some_email,CN=hostname,ETC,ETC,; issuer E=ISSUER_DATA [14/Apr/2008:11:33:33 +0200] conn=1474 op=-1 fd=65 closed - Certificate type not approved for application.
I guess this is because of wrong X.509v3 cert extensions. Maybe you should post a text dump of the public-key cert. 

openssl x509 -in certfilename.pem -noout -text

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux