Rusch Philipp pru09 a écrit :
I have successfully set up my directory server. For a disaster
tolerant topology I want to load balance the two servers over a F5 LTM
load balancer. My problem is, that I have tried to export the
certificate ( I have a self generated one ) without a result. The load
balancer could only read certificates in pem format. So, if anyone of
you know what type of certificate the DS uses let me know about it ;-)
The certificate was generated with the gencert.sh script which is
I don't know very much about the SSL stuff so I am not sure If I have
tried the right tools/commands.
Which one is the certificate the slapd-yourhost-cert8.db or is it only
stored in there?
Thank you in advance!
I had the same issue exporting my certificate in pkcs12 format to import
it to the radius part of my authentification server.
Indeed, there are two certificates in the pkcs12 file for chaining with
root certificat, you must specify to write options to extract only the
good one (or edit the pem on you own to cut off the bad one).
# certutil --d . -L
# pk12util --d . --o ldap-server.pk12 --n «certificate name »
# pk12util --d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 --n
# openssl pcks12
-clcerts : no client certificate
-cacerts : no CA certificate
I think the option -cacerts will fix your issue as it fixed mine.
In fact, it's a bug with poor implementations of pem file reading (like
Hope it would help.
**Service Commun Informatique
*Chef de service
Tel : 04 72 76 61 43 - e-mail : nicolas.carel(a)inrp.fr
*Institut National de Recherche Pédagogique
allée de Fontenay - B.P. 17424 - 69347 LYON
Standard : 04 72 76 61 00 - Télécopie : 04 72 76 61 10