[Techtalk] certificates

Wim De Smet kromagg at gmail.com
Thu May 7 09:38:17 UTC 2009


On Wed, May 6, 2009 at 11:11 PM, Maria McKinley <maria at shadlen.org> wrote:
> Wim De Smet wrote:
>
>> In principle you should end up with a v3 cert since you're using v3
>> extensions on the req. Well, I think. Check if the request has the
>> requested extensions section. I think these are getting lost
>> somewhere, perhaps because of ca's copy_extensions?
>>
>> BTW, the bugs and warnings sections of ca(1) is particularly amusing to read.
>>
>> regards,
>> Wim
>> _________
>
> I have concluded that the problem is not with my certificates or my
> slapd.conf file. A friend with debian used my config file, and created
> certs/keys using the same instructions as I was using, and was able to
> start slapd without any problems. I compared the certs he had created
> with the ones I had created, and they are the same in every way that
> matters. Is there anything else, maybe another config file somewhere,
> that tls uses in conjunction with slapd that could be screwing things
> up? What other things could possibly cause tls to not work besides
> slapd.conf and the certs/keys?

Back to basics then I guess, file permissions of the certs perhaps?

regards,
Wim


More information about the Techtalk mailing list