[Techtalk] certificates
Maria McKinley
maria at shadlen.org
Wed May 6 05:24:39 UTC 2009
Wim De Smet wrote:
> Hi,
>
> On Mon, May 4, 2009 at 10:31 PM, Maria McKinley <maria at shadlen.org> wrote:
>> Maria McKinley wrote:
>> > [...]
>> > certtool -i < /etc/ssl/certs/ldap.shadlen.crt | grep Version:
>> >
>> > I get version 1. According to this site:
>> >
>> > [...]
>>
>> >Nevermind, I think these instructions will do the trick:
>>
>> >http://www.debian-administration.org/articles/284
>> Ugh. Spoke too fast. I'm still getting version 1 certificates. Anybody
>> know how to get version 3 certificates?
>
> I gave it a shot with those instructions except I didn't use their
> openssl.conf and I got a v3 certificate. Check /etc/ssl/openssl.conf
> and see if there's anything in the other openssl.conf missing or
> something. Or just skip using it I think you should still get a useful
> certificate.
>
> regards,
> Wim
Interesting, I just noted that the cacert.pem is a v3 cert, but the
cert.pem is a v1 cert. For ldap configs, it usually wants both the cert
and the cacert, but maybe only the cacert will ever actually be v3 cert?
thanks,
maria
More information about the Techtalk
mailing list