On Thu, May 29, 2008 at 11:17:54AM +0200, Florian Weimer wrote:
> * Alex Samad:
>
> > speaking from experience, I could have missed something, but when I
> > unencrypted an encrypted private key it all worked (I used openssl), my
> > presumption (and this might be where I am making a mistake) is that the
> > format for x509 certs is a standard. I will follow up on this
>
> There are several standards for encrypted private keys, though. PEM
> vs. DER, PKCS#5 v1.5, PKCS#8, PKCS#12. The list is pretty long.

Hi

I did some research on these and it seems like pkcs8 is the preferred
method for private key encryption.

I spent some time on the weekend creating a set of keys where the private
key was encrypted into a .p8 file.

Then set up my ~/.ldaprc

===
uri ldaps://<ldap server>
BINDDN "cn=nobody,ou=People,dc=somewhere,dc=com"
TLS_CERT /home/alex/.ssl/cert.crt
TLS_KEY /home/alex/.ssl/cert.p8
SASL_MECH external
==

But when I ran ldapsearch it is unable to open the .p8 file, whereas
before, when ldap-utils was linked against openssl, a prompt for the
password to unencrypt the private key was presented.

This seems like a step backwards to me, why go to all the effort of
setting up x509 certs if they can't be encrypted

Alex
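The formats named in the quoted reply (PEM vs. DER, traditional OpenSSL encryption, PKCS#8, PKCS#12) can be told apart from the file itself, which helps when a TLS library refuses a key that another one accepted. The following is an added example, not code from this thread or from any of the projects mentioned; the file names and byte strings are constructed, and the DER check is a heuristic that assumes the file is already known to hold a private key or PFX bundle.

```python
import re

TRADITIONAL = ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY")  # OpenSSL labels
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_der(der):
    """Heuristic for a DER blob already known to hold a private key or PFX."""
    if len(der) < 2 or der[0] != 0x30:          # must start with SEQUENCE
        return "unknown"
    # Skip the outer length: short form, or 0x80|N followed by N length bytes.
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if len(der) < i + 4:
        return "unknown"
    if der[i] == 0x30:                          # AlgorithmIdentifier comes first
        return "PKCS#8 encrypted"
    if der[i] == 0x02 and der[i + 1] == 1:      # one-byte version INTEGER
        version, following = der[i + 2], der[i + 3]
        if version == 3:
            return "PKCS#12"
        if version == 0 and following == 0x30:
            return "PKCS#8 unencrypted"
        if version == 0 and following == 0x02:
            return "traditional RSA unencrypted"
    return "unknown"

def classify_key(data):
    """Return (encoding, format) for the bytes of a key file."""
    m = PEM_RE.search(data)
    if not m:
        return ("DER", classify_der(data))
    label, body = m.group(1).decode(), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":        # RFC 7468 label for PKCS#8
        return ("PEM", "PKCS#8 encrypted")
    if label == "PRIVATE KEY":
        return ("PEM", "PKCS#8 unencrypted")
    if label in TRADITIONAL:                    # encryption is flagged in a header
        state = "encrypted" if b"Proc-Type: 4,ENCRYPTED" in body else "unencrypted"
        return ("PEM", "traditional OpenSSL " + state)
    return ("PEM", "unknown")

# Constructed samples: only headers and leading bytes matter, bodies are dummy.
SAMPLES = {
    "cert.p8": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n",
    "legacy.pem": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  b"DEK-Info: DES-EDE3-CBC,0011223344556677\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "bundle.p12": bytes.fromhex("30820a0002010330820900"),
}
for name, blob in SAMPLES.items():
    print(name, *classify_key(blob))
```

To check a real file, pass `open(path, "rb").read()` to `classify_key`; nothing is decrypted, so no passphrase is needed.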