[Fedora-directory-users] Error at work of the utility ldapsearch.

Safonov Alexey alex-saf at archit.vrn.ru
Sun Aug 6 09:21:35 UTC 2006


Thanks Richard!

I created the certificate directly on the server srv-vm1.mu-example.vrn.ru
after starting the certification service.
Output of the command certutil -d . -P slapd-asterisk1- -L -n ad-cert:

[root@asterisk1 alias]# ../shared/bin/certutil -d . -P slapd-asterisk1- -L -n ad-cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bf:d5:d6:2d:48:c6:a7:47:f9:d4:a4:34:3f:ab:f3
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
        Validity:
            Not Before: Wed Jul 26 08:23:12 2006
            Not After : Tue Jul 26 08:32:35 2011
        Subject: "CN=srv-vm1,DC=mup-example,DC=vrn,DC=ru"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Microsoft Enrollment Cert Type Extension
            Data: "CA"

            Name: Certificate Key Usage
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.

            Name: Certificate Subject Key ID
            Data:
                12:ab:df:2c:ec:92:bd:f0:94:29:d2:cf:a2:00:92:bc:
                b6:35:ca:e5

            Name: CRL Distribution Points
            URI: "ldap:///CN=srv-vm1,CN=srv-vm1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mup-example,DC=vrn,DC=ru?certificateRevocationList?base?objectClass=cRLDistributionPoint"

            Name: Microsoft CertServ CA version
            Data: 0 (0x0)

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
    Fingerprint (MD5):
        36:D0:AF:D6:69:7C:8C:AF:32:72:04:D0:52:74:6B:F9
    Fingerprint (SHA1):
        29:D3:29:CE:70:B1:E9:0A:64:C7:63:A5:B1:95:3D:95:6D:A7:CF:08

    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA

Safonov Alexey

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard Megginson
Sent: Friday, August 04, 2006 7:46 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Error at work of the utility ldapsearch.


One problem may be that you have to specify some additional option when
creating the MS CA cert or server certs issued by this CA.  Is this a
root CA or did you get a CA certificate from somewhere else?

Do this:
cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P slapd-asterisk1- -L -n ad-cert

Safonov Alexey wrote:
> Thanks Richard!
>
> In my opinion it is the certificate of the CA. Certificates you can see details
> of reception of it on a screenshot (see the attached file)
>
> Safonov Alexey
>



