Hi.

Martin G wrote:
> Subject of the novell-server-certificate is : O = WIFITREE
> OU = Organizational CA

Well, that looks like the SubjectDN of your Novell CA certificate. You need to put this CA certificate (not the pkcs#12/.p12 or the private key) in PEM format into the file referenced by option tls_cacertfile.

> And that's no FQDN!?

No.

> (I exported it from the novell as an .der and extracted it to see the
> subject, maybe wrong way to do it? I haven't exported the private key with
> either the .b64 or the .der and that shouldn't matter ?)

You do *not* need the private key of your Novell CA cert or your Novell LDAP server cert on your FreeRADIUS server.

> *output from novell*

This looks like a self-signed root-CA certificate:

> Subject name: OU=Organizational CA.O=WIFITREE
> Issuer name: OU=Organizational CA.O=WIFITREE
> Effective date: den 22 oktober 2005 23:04:08
> Expiration date: den 22 oktober 2015 23:04:08
> Certificate status: Valid
>
> Any idea how to type the FQDN !? :(

You need to get a PEM formatted copy of this CA certificate (w/o private key) and put that to the file referenced by option tls_cacertfile.

And for ldapsearch put this certificate into /etc/ldap/ldap.conf as

    TLS_CACERT /etc/ldap/novell-ca-cert.pem

--
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
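
The preparation described in the reply above, as an added example that is not part of the original message: convert the DER export to PEM, confirm the file carries no private key, and confirm it is a self-signed root before pointing tls_cacertfile and TLS_CACERT at it. It assumes the openssl command-line tool is installed; the sample certificate, the function names and the temporary file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). Paths under $work are placeholders.

# Constructed sample: a throwaway self-signed CA in DER form, standing in
# for the certificate exported from the Novell server.
make_sample_ca() {  # make_sample_ca <out.der> <out.key>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=WIFITREE/OU=Organizational CA" \
        -keyout "$2" -outform DER -out "$1" 2>/dev/null
}

# Convert the DER export to PEM. Only the certificate is written.
der_to_pem() {  # der_to_pem <in.der> <out.pem>
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeeds when the file contains no private key block of any kind.
no_private_key() {  # no_private_key <file.pem>
    ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Succeeds when subject and issuer match and the certificate's signature
# verifies against its own public key, i.e. a self-signed root CA.
is_self_signed_root() {  # is_self_signed_root <file.pem>
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demo run on the constructed sample.
work=$(mktemp -d)
make_sample_ca "$work/export.der" "$work/ca.key"
der_to_pem "$work/export.der" "$work/novell-ca-cert.pem"
if no_private_key "$work/novell-ca-cert.pem" &&
   is_self_signed_root "$work/novell-ca-cert.pem"; then
    echo "OK: certificate-only PEM of a self-signed root CA"
    echo "ldap.conf line: TLS_CACERT /etc/ldap/novell-ca-cert.pem"
else
    echo "Do not install this file as the CA certificate" >&2
fi
rm -rf "$work"
```
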