Hi. Martin G wrote:
Subject of the novell-server-certificate is : O = WIFITREE OU = Organizational CA
Well, that looks like the SubjectDN of your Novell CA certificate. You need to put this CA certificate (no the pkcs#12/.p12 or the private key) in PEM format into the file referenced by option tls_cacertfile.
And thats no FQDN!?
No.
(I exported it from the novell as an .der and extracted it to see the subject, maby wrong way to do it? i havent exported the private key with either the .b64 or the .der and that shouldnt matter ?)
You do *not* need the private key of your novell CA cert or your novell ldap server cert on your FreeRADIUS server.
*output from novell*
This looks like a selfsigned root-CA certificate:
Subject name: OU=Organizational CA.O=WIFITREE Issuer name: OU=Organizational CA.O=WIFITREE Effective date: den 22 oktober 2005 23:04:08 Expiration date: den 22 oktober 2015 23:04:08 Certificate status: Valid
Any idea how to type the FQDN !? :(
You need to get a PEM formatted copy of this CA certificate (w/o private key) and put that to the file referenced by option tls_cacertfile. And for ldapsearch put this certificate into /etc/ldap/ldap.conf as TLS_CACERT /etc/ldap/novell-ca-cert.pem -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737