I had the same issue exporting my certificate in pkcs12 format to import it to the radius
part of my authentification server.
Indeed, there are two certificates in the pkcs12 file for chaining with root certificat,
you must specify to write options to extract only the good one (or edit the pem on you own
to cut off the bad one).
# certutil -d . -L
# pk12util -d . -o ldap-server.pk12 -n «certificate name »
# pk12util -d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 -n «certificat name»
# openssl pcks12
-clcerts : no client certificate
-cacerts : no CA certificate
I think the option -cacerts will fix your issue as it fixed mine.
In fact, it's a bug with poor implementations of pem file reading (like freeradius
does).
Hope it would help.
Regards.
--
Nicolas CAREL
Service Commun Informatique
Chef de service
Tel : 04 72 76 61 43 - e-mail : nicolas carel inrp fr
<mailto:nicolas%20carel%20inrp%20fr>
Institut National de Recherche Pédagogique
<
http://www.inrp.fr/> 19 allée de Fontenay - B.P. 17424 - 69347 LYON CEDEX 07
Standard : 04 72 76 61 00 - Télécopie : 04 72 76 61 10
Attachment: smime.p7s
<
https://www.redhat.com/archives/fedora-directory-users/2008-November/p7sg...
Description: S/MIME Cryptographic Signature
Hi,
Thank you for your help. I am using fedora-ds 1.0.4-1 (RH4).
When I try to run the certutil -d . -L command there is no output or certificate
available?! Where is the mistake?
/opt/fedora-ds/alias
/opt/fedora-ds/shared/bin/certutil -d . -L
In the directory /opt/fedora-ds/alias I have the following files:
admin-serv-host-cert8.db
admin-serv-host-key3.db
adminserver.p12
cacert.asc
cert8.db
gencert.sh
key3.db
libnssckbi.so
noise.txt
password.conf
pwdfile.txt
secmod.db
slapd-host-cert8.db
slapd- host -cert8.db.bak
slapd- host -key3.db
slapd- host -key3.db.bak
slapd- host -pin.txt
The secured LDAP connection from a client to the server is working properly, therefore I
think the certificates are installed right.
Thank you in advance
Regards
Phru