Hello out there, I already googled for a solution to the following problem, but did not get an idea how to solve it (well, to be honest it's my first time getting in the topic of ssl..) I'am using OpenSuSE 10.1 I generated a ssl-crtificate like explained in the smbldap-howto from www.idealx.com: base directory: /etc/openldap The following commands habe been executed: 01) mkdir certs csr data keys private data/ca.db.certs 02) ln -s data datas 03) touch private/ca.key data/ca.db.serial 04) cp /dev/null data/ca.db.index 05) openssl rand 1024 > data/random-bits 06) openssl genrsa -des3 -out private/ca.key 1024 -rand data/random-bits 07) chmod 600 private/ca.key 08) openssl req -new -x509 -days 3650 -key private/ca.key -out certs/ca.pem 09) echo ’01’ > data/ca.db.serial 10) openssl genrsa -out keys/ldap.pdnet.net.key 1024 11) openssl req -new -key keys/ldap.pdnet.net.key -out csr/ldap.pdnet.net.csr 12) openssl ca -config ca.conf -out certs/ldap.pdnet.net.txt -infiles csr/ldap.pdnet.net.csr 13) perl -n -e ’m/BEGIN CERTIFICATE/ && do {$$seen=1}; $$seen && print;’ < certs/ldap.pdnet.net.txt > ldap.pdnet.net.pem This works fine. But when I verify the new certifiv´cate with the command 14) openssl verify -CAfile certs/ca.pem certs/ldap.pdnet.net.pem I get the following out message: certs/ldap.pdnet.net.pem: /C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael Patschull/emailAddress=michael@patschull.de error 18 at 0 depth lookup:self signed certificate /C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael Patschull/emailAddress=michael@patschull.de error 7 at 0 depth lookup:certificate signature failure 10099:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 10099:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:632: 10099:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168: Would be really great if someone had some hints for me how to solve this. Thanks for your help, Michael -- NEU: GMX DSL Sofort-Start-Set - blitzschnell ins Internet! Echte DSL-Flatrate ab 0,- Euro* http://www.gmx.net/de/go/dsl --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org