LDAP Server: DSEE 6.2 on Solaris 10
LDAP Client: OpenLDAP on RHEL 5.1
Would anyone know how to get the correct client cert files to the client machine? I copied the cacert.pem, cert8.db, key3.db and secmod.db files from the server. I copied the files into the /etc/openldap/cacerts directory. When I run the /usr/bin/authconfig-gtk tool, get everything configured, and click OK to save the configuration, the message I get back is:
4722:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
From this website
http://www.sun.com/bigadmin/features...p_part3.jsp#P3 it has:
-------------------------------------------------------------------------
a. Copy the root CA and subordinate CA certificates in PEM format. If they are in DER format, use the following commands to convert them to PEM format, and then copy them over to the /etc/openldap/cacerts directory.
# openssl x509 -inform DER -outform PEM -in rootca.der -out rootca.pem
# openssl x509 -inform DER -outform PEM -in subca.der -out subca.pem
Note: If the root CA certificate does not begin with ...BEGIN TRUSTED CERTIFICATE, the openssl commands might fail on both the certificates or the LDAP library might not use the certificate. In such a case, you need to modify the "trust" properties of the root CA certificate using the following command:
# openssl x509 -trustout -in rootca.cer -out rootca.pem
b. As root, copy the PEM-formatted certificate files to the /etc/openldap/cacerts directory and change their permissions:
# cp rootca.pem /etc/openldap/cacerts
# cp subca.pem /etc/openldap/cacerts
# chmod 644 /etc/openldap/cacerts/*.pem
-------------------------------------------------------------------------
Nowhere did I see a DER-formatted file for the root CA or subordinate CA certificates. On the server I saw a cacert.pem located in the /CA directory, and in the /var/ldap directory were the cert8.db, key3.db and secmod.db files. I am not sure which certificate files to use. I tried the cacert.pem file but get the error message above. I believe if I get this problem solved, it will fix the other problems. I have followed the instructions from the website above and do not know what else to do. Has anyone ever been successful at authenticating a RHEL 5.1 OpenLDAP client with a Sun DSEE 6.2 server? I need some help.
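
Added example (not part of the original post or the quoted Sun article): OpenSSL's PEM reader reports "no start line" for any file that lacks a -----BEGIN ... ----- line, so this script classifies each file in a CA directory by its start line or leading bytes. The function names and the sample files are constructed for illustration, and the DER check is a heuristic on the first two bytes.

```shell
#!/bin/sh
# Added example: report which files in a CA directory carry a PEM start line.
# Classification looks at the start line / leading bytes only; it does not
# validate the certificate contents.

classify_cert() {   # prints: pem-trusted | pem | der | other
    if grep -q -e '^-----BEGIN TRUSTED CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem-trusted
    elif grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    # Heuristic: a DER certificate starts with an ASN.1 SEQUENCE that uses a
    # two-byte length, i.e. the bytes 0x30 0x82.
    elif [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "3082" ]; then
        echo der     # needs the -inform DER -outform PEM conversion
    else
        echo other   # no start line, e.g. NSS cert8.db / key3.db / secmod.db
    fi
}

audit_cacert_dir() {   # returns 1 if any file lacks a PEM start line
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_cert "$f")
        printf '%-12s %s\n' "$kind" "${f##*/}"
        case $kind in der|other) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample directory: file bodies are placeholders, not real
# certificates or real NSS databases.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/cacert.pem"
    printf '%s\n' '-----BEGIN TRUSTED CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END TRUSTED CERTIFICATE-----' > "$d/rootca.pem"
    printf '\060\202\003\001' > "$d/subca.der"
    printf '\001\002\003\004' > "$d/cert8.db"
    echo "$d"
}

sample=$(make_sample_dir)
audit_cacert_dir "$sample" || echo "files without a PEM start line in $sample"
rm -rf "$sample"
```

To check a real client, call audit_cacert_dir /etc/openldap/cacerts; any line marked der or other is a file the PEM reader cannot parse as it stands.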