Philip Guenther <[EMAIL PROTECTED]> wrote:
> > # openssl x509 -in LDAPserver-cert.pem -text -noout
> ...
> >         Netscape Cert Type:
> >             Object Signing
>
> The certificate has a "Netscape Cert Type" field, but that field doesn't
> include the "SSL Server" flag. Your certificate creation setup needs to
> be corrected and a new certificate created. To quote the "X509
> CERTIFICATE EXTENSIONS" part of the openssl(1) manpage:
>
>     SSL Server
>         The extended key usage extension must be absent or include the
>         "web server authentication" and/or one of the SGC OIDs.
>         keyUsage must be absent or it must have the digitalSignature
>         set, the keyEncipherment set, or both bits set. Netscape
>         certificate type must be absent or have the SSL server bit set.
>
> Philip Guenther
> Sendmail, Inc.

Thank you Philip for the answer. You were right. That was the problem.

I corrected this point, renewed my LDAP certificate and there's no more error message. I have to test deeply now, but I am optimistic.

I can't remember if I adjusted this parameter a year ago with my old Debian sarge, but obviously I would have had to.

Again, many thanks.

--
Regards.
Jean-Claude
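
The check discussed in this thread can be reproduced with `openssl x509 -purpose`. The script below is an added example, not part of the original messages: it builds throwaway self-signed certificates whose only extension is a given Netscape Cert Type and reports whether OpenSSL accepts each for the "SSL server" purpose. The hostname `ldap.example.test` and the function name `ssl_server_purpose` are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not the poster's LDAP cert.

# Print "Yes" or "No": does OpenSSL accept a certificate whose only
# extension is the given nsCertType value for the "SSL server" purpose?
ssl_server_purpose() {
    nstype=$1
    dir=$(mktemp -d) || return 1
    # Minimal request config so the result does not depend on the
    # system-wide openssl.cnf.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = ldap.example.test
[ext]
nsCertType = $nstype
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null \
        || { rm -rf "$dir"; return 1; }
    # -purpose prints one "<purpose> : Yes|No" line per purpose;
    # keep only the non-CA "SSL server" line.
    openssl x509 -in "$dir/cert.pem" -noout -purpose |
        awk -F' : ' '$1 == "SSL server" { print $2 }'
    rm -rf "$dir"
}

# "objsign" is the value the certificate in this thread carried.
for t in objsign server "server, objsign"; do
    printf '%-16s SSL server: %s\n' "$t" "$(ssl_server_purpose "$t")"
done
```

Running the same `openssl x509 -noout -purpose` command against a real server certificate before deploying it shows this kind of mismatch without waiting for a client to reject the connection.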
