On Wednesday 24 November 2004 11:44, Dr. Stephen Henson wrote:
> On Wed, Nov 24, 2004, Florin Angelescu wrote:
> > On Tuesday 23 November 2004 16:57, Dr. Stephen Henson wrote:
> > > On Tue, Nov 23, 2004, Florin Angelescu wrote:
> > > > Hello
> > > > I am trying to set up SSL access to LDAP
> > > > following http://www.openldap.org/faq/data/cache/185.html
> > > >
> > > > I created my CA
> > > > and signed the certificates for the server and client
> > > > but I still get a 'self signed error'.
> > > > I checked and I saw that it was because of cacert.pem, which is
> > > > self-signed.
> > > >
> > > > Question: how to solve this?
> > > > (Do I have to sign the CA certificate by another CA? And how?)
> > > > Thank you very much
> > >
> > > Firstly I'd suggest you use CA.pl instead of CA.sh which is older.
> > >
> > > What is giving you the error? If it's a client then you'd need to
> > > include a command line switch or configuration option telling it to
> > > include 'cacert.pem' in its trusted list of CAs.
> > >
> > > Steve.
> > > --
> >
> > Thank you for answering.
> > The error is given by ldapsearch (and ldap.conf & slapd.conf are well
> > configured).
> > The error is also reported by openssl.
> > "self signed certificate in certification chain"
> > (the CA certificate)
>
> The problem is not that you have a self-signed CA; it is that the software
> doesn't trust it. The configuration or command line options should provide
> a means of specifying a file or directory containing trusted CAs. You
> should change them to include 'cacert.pem'.
>
> Steve.
I used CA.pl -newcert
I thought it does everything for me...
Here is what I got:

ldap misc # openssl verify demoCA/cacert.pem
demoCA/cacert.pem: 
/C=BE/ST=BEGLIUM/L=BRUSSELS/O=CAAMI_CA1/OU=CCI/CN=CAAMI_CA1/[EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
OK

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
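
The point made in the reply quoted above (a self-signed CA is fine, it only has to be in the verifier's trusted list) can be reproduced with the added example below, which is not part of the original thread. It assumes OpenSSL 1.1.0 or later, where `openssl verify` exits non-zero on failure; the CA and server names are constructed placeholders.

```shell
#!/bin/sh
# Added demo: all subjects and file names below are constructed placeholders.
# Assumes OpenSSL 1.1.0+ (verify exits non-zero when the chain is not trusted).

# Build a throwaway self-signed CA and a server certificate signed by it.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -days 1 -in "$dir/server.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.pem" >/dev/null 2>&1
}

# verify_cert CERT [CAFILE]: succeed only if CERT chains to a trusted root.
# Without CAFILE only the system defaults are consulted, which cannot
# contain the CA that was generated a moment ago.
verify_cert() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# report LABEL CERT [CAFILE]: print the verification outcome for one case.
report() {
    label=$1; shift
    if verify_cert "$@"; then echo "$label: trusted"; else echo "$label: NOT trusted"; fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || { echo "could not build demo PKI" >&2; exit 1; }
report "server cert, no CA given" "$demo_dir/server.pem"
report "server cert, -CAfile"     "$demo_dir/server.pem" "$demo_dir/cacert.pem"
report "CA cert, no CA given"     "$demo_dir/cacert.pem"
report "CA cert, -CAfile"         "$demo_dir/cacert.pem" "$demo_dir/cacert.pem"
rm -rf "$demo_dir"
```

OpenLDAP clients such as ldapsearch take the same CA file through the TLS_CACERT option in ldap.conf.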
