I had the same issue exporting my certificate in pkcs12 format to import it to the radius part of my authentification server.

Indeed, there are two certificates in the pkcs12 file for chaining with root certificat, you must specify to write options to extract only the good one (or edit the pem on you own to cut off the bad one).

# certutil –d . -L

# pk12util –d . –o ldap-server.pk12 –n «certificate name »

# pk12util –d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 –n «certificat name»

# openssl pcks12
-clcerts : no client certificate
-cacerts : no CA certificate

I think the option -cacerts will fix your issue as it fixed mine.

In fact, it's a bug with poor implementations of pem file reading (like freeradius does).

Hope it would help.

Regards.

--
Nicolas CAREL
Service Commun Informatique
Chef de service
Tel : 04 72 76 61 43 - e-mail : nicolas carel inrp fr

Institut National de Recherche Pédagogique
19 allée de Fontenay - B.P. 17424 - 69347 LYON CEDEX 07
Standard : 04 72 76 61 00 - Télécopie : 04 72 76 61 10

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Hi,

Thank you for your help. I am using fedora-ds 1.0.4-1 (RH4).

When I try to run the certutil –d . –L command there is no output or certificate available?! Where is the mistake?

/opt/fedora-ds/alias

/opt/fedora-ds/shared/bin/certutil -d . –L

In the directory /opt/fedora-ds/alias I have the following files:

admin-serv-host-cert8.db

admin-serv-host-key3.db

adminserver.p12

cacert.asc

cert8.db

gencert.sh

key3.db

libnssckbi.so

noise.txt

password.conf

pwdfile.txt

secmod.db

slapd-host-cert8.db

slapd- host -cert8.db.bak

slapd- host -key3.db

slapd- host -key3.db.bak

slapd- host -pin.txt

The secured LDAP connection from a client to the server is working properly, therefore I think the certificates are installed right.

Thank you in advance

Regards

Phru