Hi everybody,
    I am trying to do client authentication using a self-signed CA and client certificates. I want to store the client
certificate in the LDAP entries. The CA certificate is in the web server. I followed the steps below
to create the CA and client certificates:
 
CA Certificate
# generate the key for the certificate and store it in .key file
openssl genrsa -des3 -out $CA_DIR/CA.key 1024
 
# create a self-signed CA certificate (-x509) from the key and store it in CA.crt
openssl req -new -x509 -days 365 -config $SSLDIR/openssl.cnf -key $CA_DIR/CA.key -out $CA_DIR/CA.crt
# bundle the CA cert and its key into PKCS#12 format so that it can be imported into IE
openssl pkcs12 -export -in $CA_DIR/CA.crt -inkey $CA_DIR/CA.key -out $CA_DIR/CA.pfx

Client Certificate
# generate the key for the client certificate and store it in User.key file
openssl genrsa -des3 -out $CLIENT_DIR/User.key 1024

# sign the request for the client cert and store it in User.csr file
openssl req -new -config $SSLDIR/openssl.cnf -key $CLIENT_DIR/User.key -out $CLIENT_DIR/User.csr

# sign the request with the CA (cert created above as CA.crt) and store the client cert in User.crt
openssl ca -config $SSLDIR/openssl.cnf -cert $CA_DIR/CA.crt -in $CLIENT_DIR/User.csr -keyfile $CA_DIR/CA.key -out $CLIENT_DIR/User.crt

Now I am storing this client certificate in the LDAP entry of the client/user. What I would like to know is whether
the private key of the client is also being stored in the certificate, because I don't want the private key of the
client certificate to be in LDAP. How do I do it?
 
Any help please.
 
regards
Sarath
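An added check (not part of the original post) for the question above: the User.crt written by `openssl ca` holds only the public certificate, while the CA.pfx built with `-inkey` is the one file in the post that bundles a private key. The script below inspects a PEM file before it goes into LDAP, refuses files that carry a key block, and keeps only the certificate block; it assumes POSIX sh, grep and awk, and the PEM contents in the demo are constructed placeholders, not a real key or certificate.

```shell
#!/bin/sh
# Inspect a PEM file before storing it in an LDAP userCertificate attribute.

# Exit 0 if the file contains any PEM private-key block (RSA, EC, PKCS#8).
pem_has_private_key() {
    grep -q -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# Print the number of certificate blocks in the file (0 when none).
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Write only the certificate block(s) to stdout, dropping the text dump that
# "openssl ca" prepends and any key material that sits in the same file.
pem_certs_only() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { p = 1 }
         p { print }
         /^-----END CERTIFICATE-----$/ { p = 0 }' "$1"
}

# Demo on a constructed PEM file: a fake key block followed by a fake cert.
demo() {
    src=$(mktemp) && out=$(mktemp)
    cat > "$src" <<'EOF'
Certificate:
    Data: (text dump that "openssl ca" writes before the PEM block)
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURURfS0VZX05PVF9SRUFM
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURURfQ0VSVF9OT1RfUkVBTA==
-----END CERTIFICATE-----
EOF
    if pem_has_private_key "$src"; then
        echo "refusing to store $src as-is: it contains a private key"
    fi
    pem_certs_only "$src" > "$out"
    echo "kept $(pem_cert_count "$out") certificate block(s), key present now: $(
        pem_has_private_key "$out" && echo yes || echo no)"
    rm -f "$src" "$out"
}

demo
```

The file that `pem_certs_only` produces is still PEM; LDAP's `userCertificate;binary` expects DER, which `openssl x509 -in User.crt -outform DER` provides.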