13. OpenLDAP Authentication with SSL with Certificate on Solaris 7 to Novell LDAP Server --- A False Start

13.1. Creating a CSR; A Wrong Route

13.1.1. Make a CSR for Sarah

 
 -- /usr/local/ssl/bin/openssl req -new -nodes -keyout myserver.key \
                                   -out server.csr

      unable to load 'random state'
      This means that the random number generator has not been seeded with much 
      random data.
      Generating a 1024 bit RSA private key
      8797:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not \
          seeded:md_rand.c:503:
      You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
      8797:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
 

 -- http://www.openssl.org/support/faq.html
      Why do I get a "PRNG not seeded" error message?
  
       --> http://www.cosy.sbg.ac.at/~andi/SUNrand/

           ANDIrand-0.7-5.7-sparc-1.pkg

        ...works fine now


 -- check certificate (public key) sent back from Sarah with:

        openssl x509 -in IssuedCert.b64_sarah_2 -text -noout

    this should include     

        Subject: C=UK, CN=www.clip.man.ac.uk

13.1.2. Checking the Certificate

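Each of these commands prints an MD5 digest of the RSA modulus, taken from the private key, the CSR and the issued certificate respectively:

    openssl rsa -noout -modulus -in myserver.key | openssl md5
    openssl req -noout -modulus -in server.csr | openssl md5
    openssl x509 -noout -modulus -in IssuedCert.b64_sarah_2 | openssl md5

All three should give the same result.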
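
The same comparison as a script, added here as an example and not part of the original notes. It uses SHA-256 in place of MD5 as the fingerprint and refuses to report a match when openssl cannot parse a file, since piping three failed reads into a digest hashes empty input each time and looks like a match. The function names, the temporary directory and the CN www.example.test are assumptions; the key, CSR and self-signed certificate are constructed sample material.

```shell
#!/bin/sh
# Added example (not from the original notes). Compares the RSA modulus of a
# private key, a CSR and an issued certificate, failing closed on bad input.

# modulus_digest KIND FILE   (KIND is the openssl subcommand: rsa | req | x509)
# Prints a SHA-256 digest of the modulus; returns non-zero if openssl cannot
# parse FILE, so three failed reads never compare as "equal".
modulus_digest() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    case $mod in Modulus=?*) ;; *) return 1 ;; esac
    printf '%s\n' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_match KEY CSR CERT
# Returns 0 if all three share one modulus, 1 on mismatch, 2 on unreadable input.
check_match() {
    k=$(modulus_digest rsa  "$1") || { echo "cannot parse key: $1"  >&2; return 2; }
    r=$(modulus_digest req  "$2") || { echo "cannot parse CSR: $2"  >&2; return 2; }
    c=$(modulus_digest x509 "$3") || { echo "cannot parse cert: $3" >&2; return 2; }
    [ "$k" = "$r" ] && [ "$r" = "$c" ] || return 1
}

# make_samples DIR: constructed throwaway material for the demonstration.
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/C=UK/CN=www.example.test" \
        -keyout "$1/myserver.key" -out "$1/server.csr" 2>/dev/null &&
    # Self-signed here only to obtain a certificate; a CA would normally issue it.
    openssl x509 -req -in "$1/server.csr" -signkey "$1/myserver.key" \
        -days 1 -out "$1/issued.pem" 2>/dev/null &&
    # An unrelated key, to show the mismatch case.
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_match "$demo_dir/myserver.key" "$demo_dir/server.csr" "$demo_dir/issued.pem" \
    && echo "key, CSR and certificate match"
check_match "$demo_dir/other.key" "$demo_dir/server.csr" "$demo_dir/issued.pem" \
    || echo "mismatch detected for other.key"
```
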

13.1.3. BUT...

Could not get this to work; it was the wrong route! We want a server-certificate, not a client-certificate! See

 -- http://research.imb.uq.edu.au/~l.rathbone/ldap/tls.shtml




About this document:

Produced from the SGML: /home/isd/public_html/_ldap_authentication/_reml_grp/index.reml
On: 5/7/2004 at 13:33:51
Options: reml2 -i noindex -l long -o html -p multiple