[gnutls-help] Create csr with netscape extension = server

m.postman at mafrigo.net m.postman at mafrigo.net
Wed Jun 11 19:50:49 CEST 2014

i've been working on this problem quite long now.
OpenLDAP on my OpenSuSE 13.1 is compiled with gnutls apparently.
But connecting to the OpenLDAP server fails with the following message:

# ldapsearch -h localhost -W -D uid=admin,dc=example,dc=net -b 
dc=example,dc=net -s sub "(uid=user1)" -v -ZZ
ldap_initialize( ldap://localhost )
ldap_start_tls: Connect error (-11)
         additional info: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:_certificate verify failed 
(unsupported certificate purpose)__
_Tracking down this error lead to a missing "Netscape Extension" called 

Well... _how do I create a CSR with gnutls/certtool with this 
extension??_ :)

I simply can't figure it out... maybe I missed something?!
In openssl there is a directive "nsCertType = server"... I suppose 
that's what I am looking for :)

I appreciate any help. Thank you very much in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140611/476ab19a/attachment.html>

More information about the Gnutls-help mailing list