I had the same issue exporting my certificate in pkcs12
format to import it into the RADIUS part of my authentication server.
Indeed, there are two certificates in the pkcs12 file for chaining with the root
certificate; you must specify the right options to extract only the good one
(or edit the pem on your own to cut off the bad one).
# certutil -d . -L
# pk12util -d . -o ldap-server.pk12 -n "certificate name"
# pk12util -d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 -n "certificate name"
# openssl pkcs12
    -clcerts : no client certificate
    -cacerts : no CA certificate
I think the option -cacerts will fix your issue as it fixed mine.
In fact, it's a bug with poor implementations of pem file reading (like
freeradius does).
Hope this helps.
Regards.
--
Nicolas CAREL
Service Commun Informatique
Head of department
Tel: 04 72 76 61 43 - e-mail: nicolas carel inrp fr
Institut National de Recherche Pédagogique
19 allée de Fontenay - B.P. 17424 - 69347 LYON CEDEX 07
Switchboard: 04 72 76 61 00 - Fax: 04 72 76 61 10
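
The check implied by the message above, as an added example that is not part of the original post: it lists the certificate blocks in PEM text exported from a PKCS#12 file and writes out a single block, which is the "edit the pem on your own" route done with a script. The function names and the sample bundle (made-up names, placeholder base64 bodies) are constructed for illustration.

```sh
# Number of CERTIFICATE blocks in file $1.
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# One line per block: index, kind, subject. Relies on the subject=/issuer=
# lines that `openssl pkcs12` prints before each block. "self-issued" means
# subject equals issuer, which is what a root CA certificate looks like.
list_certs() {
    awk '
        /^subject=/ { subj = $0; sub(/^subject= */, "", subj) }
        /^issuer=/  { iss = $0;  sub(/^issuer= */, "", iss) }
        /^-----BEGIN CERTIFICATE-----/ {
            kind = (subj != "" && subj == iss) ? "self-issued" : "issued"
            printf "%d\t%s\t%s\n", ++n, kind, subj
            subj = iss = ""
        }' "$1"
}

# Print only block number $2 of file $1, dropping everything around it.
extract_cert() {
    awk -v want="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inblk = 1 }
        inblk && n == want             { print }
        /^-----END CERTIFICATE-----/   { inblk = 0 }' "$1"
}

# Constructed sample shaped like pkcs12 output; the names are made up and the
# base64 bodies are placeholders, not real certificates.
make_sample() {
    cat > "$1" <<'EOF'
subject=CN = ldap.example.test
issuer=CN = Example Test CA
-----BEGIN CERTIFICATE-----
U0FNUExFLVNFUlZFUi1DRVJU
-----END CERTIFICATE-----
subject=CN = Example Test CA
issuer=CN = Example Test CA
-----BEGIN CERTIFICATE-----
U0FNUExFLUNBLUNFUlQ=
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp) && make_sample "$tmp"
list_certs "$tmp"                      # shows which block is which
extract_cert "$tmp" 1 > "$tmp.single"  # keep only the issued certificate
echo "blocks: $(count_certs "$tmp") -> $(count_certs "$tmp.single")"
rm -f "$tmp" "$tmp.single"
```

Run against the real output of `openssl pkcs12 -in ldap-server.pk12 -nokeys`, the same functions show how many certificates a single-certificate PEM reader would be handed.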
Hi,
Thank you for your help. I am using fedora-ds 1.0.4-1 (RH4).
When I try to run the certutil -d . -L command there is no output or
certificate available?! Where is the mistake?
/opt/fedora-ds/alias
/opt/fedora-ds/shared/bin/certutil -d . -L
In the directory /opt/fedora-ds/alias I have the following files:
admin-serv-host-cert8.db
admin-serv-host-key3.db
adminserver.p12
cacert.asc
cert8.db
gencert.sh
key3.db
libnssckbi.so
noise.txt
password.conf
pwdfile.txt
secmod.db
slapd-host-cert8.db
slapd-host-cert8.db.bak
slapd-host-key3.db
slapd-host-key3.db.bak
slapd-host-pin.txt
The secured LDAP connection from a client
to the server is working properly, therefore I think the certificates are
installed right.
Thank you in advance
Regards
Phru
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users