On Thu, May 29, 2008 at 11:17:54AM +0200, Florian Weimer wrote:
> * Alex Samad:
>
> > speaking from experience, I could have missed something, but when I
> > unencrypted an encrypted private key it all worked (I used openssl), my
> > presumption (and this might be where I am making a mistake) is that the
> > format for x509 certs is a standard. I will follow up on this
>
> There are several standards for encrypted private keys, though. PEM
> vs. DER, PKCS#5 v1.5, PKCS#8, PKCS#12. The list is pretty long.

Hi
I did some research on these and it seems like pkcs8 is the preferred
method for private key encryption.
I spent some time on the weekend creating a set of keys where the
private key was encrypted into a .p8 file.
Then I set up my ~/.ldaprc:
===
uri ldaps://<ldap server>
BINDDN "cn=nobody,ou=People,dc=somewhere,dc=com"
TLS_CERT /home/alex/.ssl/cert.crt
TLS_KEY /home/alex/.ssl/cert.p8
SASL_MECH external
==
But when I ran ldapsearch it is unable to open the .p8 file, whereas
before, when ldap-utils was linked against openssl, a prompt for the
password to unencrypt the private key was presented.
This seems like a step backwards to me. Why go to all the effort of
setting up x509 certs if they can't be encrypted?
Alex
--
"I think younger workers—first of all, younger workers have been promised
benefits the government—promises that have been promised, benefits that we
can't keep. That's just the way it is."
- George W. Bush
05/04/2005
Washington, DC
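
Added example, not part of the original message: a Python sketch that names the container format of a private key file among those listed in the thread (PEM vs. DER, PKCS#8, PKCS#12), which helps when a TLS library refuses a key file that another one accepted. The function names and the sample bytes are constructed for illustration; nothing is decrypted.

```python
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed structural skeleton (not a real key): SEQUENCE { SEQUENCE, OCTET STRING }
SAMPLE_DER = bytes.fromhex("300a30030601000403000000")

def _tlv(buf, off):
    """Read one DER header at off; return (tag, value_start, value_end)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, off, off + length

def classify_der(der):
    """Classify by the first two elements inside the outer SEQUENCE."""
    try:
        tag, start, _ = _tlv(der, 0)
        if tag != 0x30:
            return "unknown"
        t1, s1, e1 = _tlv(der, start)
        t2, _, _ = _tlv(der, e1)
    except IndexError:                         # truncated or empty input
        return "unknown"
    if t1 == 0x30 and t2 == 0x04:              # AlgorithmIdentifier, OCTET STRING
        return "PKCS#8 encrypted"
    if t1 == 0x02 and t2 == 0x30:              # version INTEGER, then a SEQUENCE
        version = int.from_bytes(der[s1:e1], "big")
        return "PKCS#12" if version == 3 else "PKCS#8 unencrypted"
    return "unknown"

def classify_key(data):
    """Name the container format of a private key file given its bytes."""
    m = PEM_RE.search(data)
    if not m:
        return "DER " + classify_der(data)
    label, body = m.group(1).decode(), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        return "PEM PKCS#8 encrypted"
    if label == "PRIVATE KEY":
        return "PEM PKCS#8 unencrypted"
    if label.endswith(" PRIVATE KEY"):         # RSA / EC / DSA traditional form
        enc = b"Proc-Type: 4,ENCRYPTED" in body
        return "PEM traditional " + ("encrypted" if enc else "unencrypted")
    return "PEM other: " + label
```

Calling `classify_key(open(path, "rb").read())` on the file named by TLS_KEY shows which of these formats the client is being asked to load.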

