TLS cant connect ldap+freeradius+novell
Reimer Karlsen-Masur, DFN-CERT
karlsen-masur at dfn-cert.de
Fri Jul 20 11:03:43 CEST 2007
Hi.
Martin G wrote:
> Subject of the Novell server certificate is: O = WIFITREE
> OU = Organizational CA
Well, that looks like the SubjectDN of your Novell CA certificate. You need
to put this CA certificate (not the PKCS#12/.p12 file or the private key) in PEM
format into the file referenced by the option tls_cacertfile.
> And that's no FQDN!?
No.
> (I exported it from the Novell as a .der and extracted it to see the
> subject, maybe the wrong way to do it? I haven't exported the private key with
> either the .b64 or the .der and that shouldn't matter?)
You do *not* need the private key of your Novell CA cert or your Novell LDAP
server cert on your FreeRADIUS server.
> *output from novell*
This looks like a self-signed root CA certificate:
> Subject name: OU=Organizational CA.O=WIFITREE
> Issuer name: OU=Organizational CA.O=WIFITREE
> Effective date: 22 October 2005 23:04:08
> Expiration date: 22 October 2015 23:04:08
> Certificate status: Valid
>
> Any idea how to type the FQDN!? :(
You need to get a PEM formatted copy of this CA certificate (w/o private
key) and put that into the file referenced by the option tls_cacertfile.
And for ldapsearch, reference this certificate in /etc/ldap/ldap.conf as
TLS_CACERT /etc/ldap/novell-ca-cert.pem
--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur
DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
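The procedure described in this reply (export the CA certificate without its key, convert it from DER to PEM, point tls_cacertfile and TLS_CACERT at the result), as an added shell example that is not part of the original thread. It also checks the two things the question turns on: the CA certificate is self-signed (subject equals issuer) and carries no FQDN, which is fine, while the LDAP server certificate, which does carry the FQDN, chains to that CA. The CA and server certificates are generated locally with openssl as constructed stand-ins for the Novell "OU=Organizational CA, O=WIFITREE" export; the hostname ldap.wifitree.example, the working directory and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Turns a DER-exported CA certificate into the PEM file that FreeRADIUS's
# tls_cacertfile and OpenLDAP's TLS_CACERT expect, and checks it before
# trusting it: self-signed root (subject == issuer), no private key inside,
# and a server certificate carrying the LDAP server's FQDN chains to it.
# The CA generated below is a constructed stand-in for the Novell
# "OU=Organizational CA, O=WIFITREE" certificate; the hostname
# ldap.wifitree.example and all file paths are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Constructed stand-in for the Novell CA export (.der, certificate only).
make_sample_ca_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=WIFITREE/OU=Organizational CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca-export.pem" 2>/dev/null
    # Export as DER, the way the Novell console does; the key is NOT in it.
    openssl x509 -in "$WORK/ca-export.pem" -outform der -out "$WORK/ca.der"
    rm -f "$WORK/ca-export.pem"
    printf '%s\n' "$WORK/ca.der"
}

# DER -> PEM. The result is the file tls_cacertfile / TLS_CACERT point at.
der_to_pem() {   # $1 = input .der, $2 = output .pem; prints the PEM path
    openssl x509 -inform der -in "$1" -outform pem -out "$2"
    printf '%s\n' "$2"
}

# A root CA certificate has subject == issuer.
# Prints self-signed or not-self-signed.
check_self_signed() {   # $1 = PEM file
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo not-self-signed; fi
}

# The file handed to tls_cacertfile must hold the certificate only.
# Prints cert-only or contains-key.
check_no_private_key() {   # $1 = PEM file
    if grep -q 'PRIVATE KEY' "$1"; then echo contains-key; else echo cert-only; fi
}

# Constructed LDAP server certificate issued by the stand-in CA. The FQDN
# belongs in the server certificate's CN, not in the CA's subject.
make_sample_server_cert() {   # $1 = CA PEM, $2 = CA key, $3 = FQDN; prints cert path
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/ldap.key" -out "$WORK/ldap.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/ldap.csr" -CA "$1" -CAkey "$2" \
        -CAcreateserial -days 30 -out "$WORK/ldap.pem" 2>/dev/null
    printf '%s\n' "$WORK/ldap.pem"
}

# What FreeRADIUS and ldapsearch do in the TLS handshake: chain the server
# certificate to the configured CA file. Prints OK or FAIL.
verify_chain() {   # $1 = CA PEM, $2 = server cert PEM
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

main() {
    der=$(make_sample_ca_der)
    pem=$(der_to_pem "$der" "$WORK/novell-ca-cert.pem")
    echo "CA file: $pem ($(check_self_signed "$pem"), $(check_no_private_key "$pem"))"
    srv=$(make_sample_server_cert "$pem" "$WORK/ca.key" ldap.wifitree.example)
    echo "server cert chains to CA: $(verify_chain "$pem" "$srv")"
    # The two lines to use in the configs (paths assumed):
    echo "radiusd.conf, ldap {} block: tls_cacertfile = $pem"
    echo "/etc/ldap/ldap.conf:         TLS_CACERT $pem"
}

main "$@"
```

With the real export, skip the two make_sample_* functions and run der_to_pem on the .der file from the Novell console; if check_no_private_key ever reports contains-key, the wrong file (the .p12 or a key export) was taken. Once the PEM is in place, `ldapsearch -ZZ -H ldap://<server>` exercises the same chain check through OpenLDAP's own TLS code, which is what the FreeRADIUS ldap module goes through as well.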