I've never had to use ClientAuth with Sun's Directory Server, but here are some observations:
1) Keys are *never* stored in certN.db; they're always in keyN.db; only certificates are in certN.db. The association between the key and the cert is made via the cert's nickname (in your case: myClientCert);

2) You do not have the Private Key of your client cert in your keyN.db file, since you haven't imported it. You need to use openssl to create a P12 file with your Private Key and cert, and then use pk12util to import the P12 to the Mozilla (Netscape) databases (the key will automatically go to keyN.db and the cert will go to certN.db); you need to get past this problem before you can do anything with ClientAuth.

However, I would recommend that you get the LDAP working with SSL but *without* ClientAuth to ensure that your server-side SSL is set up correctly, first. Once you can access your directory server over SSL without ClientAuth, the next step is to add ClientAuth.

Finally, if you're going to be using digital certificates, while openssl will do the job for you, since you say you know Java, you can also use keytool from the JDK to create your key, cert and P12 - all using the same command; you can then just import the P12 to the Mozilla databases. If you want to use an industrial-strength tool for your certificates, either use DogTag or EJBCA.

Arshad Noor
StrongAuth, Inc.

fat.fuck wrote:
> bebop$ /development/projects/dsrk52/lib/ldapcsdk/tools/ldapsearch -h bebop -p 636 -Z -P /home/bebop/.netscape/cert7.db -N "myClientCert" -W "**********" -K /home/bebop/.netscape/key3.db -b "" "(objectClass=*)"
> ldapssl_enable_clientauth: Bad parameter to an ldap routine
> ldapssl_enable_clientauth: additional info: unable to find certificate
> SSL error -8174 (security library: bad database.)
>
> Now, if anybody could help shed light on this error I'm getting using my certs and keys for 2-way SSL, please chime in:
>
> > ldapssl_enable_clientauth: Bad parameter to an ldap routine
> > ldapssl_enable_clientauth: additional info: unable to find certificate
> > SSL error -8174 (security library: bad database.)
>
> Thanks in advance for your help.
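The key-plus-cert import the reply describes, as an added shell example (not from the thread or from either poster): openssl bundles the key and cert into a P12 whose friendlyName becomes the NSS nickname, pk12util imports it, and certutil confirms the key landed in the key database under that nickname. The nickname "myClientCert" is from the thread; the self-signed demo key, the P12 password, the temp paths and the empty database password are constructed for this example, and the NSS steps are skipped when pk12util/certutil are not installed.

```shell
#!/bin/sh
# Added example, not from the thread: build a PKCS#12 from a client key+cert,
# import it into an NSS database, and verify the key is there under the nickname.
# Assumptions: nickname "myClientCert" (from the thread); everything else is
# constructed for this demo (self-signed cert, P12 password, temp directories).
set -eu

NICK="myClientCert"
P12PASS="demo-p12-password"   # constructed; pass the real one via -W to pk12util

# Throwaway self-signed client key+cert so the example runs offline.
make_demo_keypair() {         # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$NICK" \
        -keyout "$1/client-key.pem" -out "$1/client-cert.pem" 2>/dev/null
}

# Step 1 (openssl): key + cert -> P12. -name sets the friendlyName that NSS
# uses as the nickname; SHA1/3DES PBE and a SHA1 MAC keep the file readable
# by the old cert7.db/key3.db generation of databases.
make_p12() {                  # $1 = work dir
    openssl pkcs12 -export -inkey "$1/client-key.pem" -in "$1/client-cert.pem" \
        -name "$NICK" -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1 \
        -passout "pass:$P12PASS" -out "$1/client.p12"
}

# Checks on the P12 before touching NSS: is a private key inside at all, and
# is the friendlyName the nickname that ldapsearch -N will ask for?
p12_has_key() {               # $1 = p12 file; exit 0 if a private key is present
    openssl pkcs12 -in "$1" -nodes -passin "pass:$P12PASS" 2>/dev/null \
        | grep -q "PRIVATE KEY"
}
p12_nickname() {              # $1 = p12 file; prints the friendlyName
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$P12PASS" 2>/dev/null \
        | sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Step 2 (NSS): import into a fresh NSS db directory; the key goes to keyN.db
# and the cert to certN.db. Returns 2 when the NSS tools are not installed.
import_p12() {                # $1 = p12 file, $2 = new NSS db dir
    command -v pk12util >/dev/null && command -v certutil >/dev/null || return 2
    mkdir -p "$2"; : > "$2/pw.txt"                 # empty db password (demo only)
    certutil -N -d "$2" -f "$2/pw.txt"
    pk12util -i "$1" -d "$2" -k "$2/pw.txt" -W "$P12PASS"
    certutil -K -d "$2" -f "$2/pw.txt" | grep -q "$NICK"   # key listed under nickname?
}

WORK="$(mktemp -d)"
make_demo_keypair "$WORK" && make_p12 "$WORK"
p12_has_key "$WORK/client.p12" && echo "P12 nickname: $(p12_nickname "$WORK/client.p12")"
import_p12 "$WORK/client.p12" "$WORK/nssdb" && echo "imported into $WORK/nssdb" \
    || echo "NSS tools missing or import failed; skipped"
```

Once the key shows up in `certutil -K`, retry ldapsearch with -Z alone (no -N/-K) to confirm server-side SSL first, then add the client-auth options back.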
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto