
Re: Connect to LDAP via ssl failed



Hi,

Thanks for your advice. Our administrator of the AD server had generated a certificate and imported it into the Personal Computer store and the Trusted Root CA store on the server itself before, but I still failed to connect to the AD server from a remote host via SSL. Here's the result I get when I use openssl (in Linux) to verify the certificate of the AD server:
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 3D1400009BBAA03598DC56D949FC28D940924372EEF40AF8D8A37AD8A8A83F56
    Session-ID-ctx:
    Master-Key: D60476FD2077EC2A5D440EA81DE35FCAF9DAB3DA7537207724705C00ADE06693C839490F7B2128F3E01E62FF72C21432
    Key-Arg   : None
    Start Time: 1039137298
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

I'd like to try your way, but I don't know how to generate a new certificate with openssl (in Windows) and how to import it into the Personal Computer store and the Trusted Root CA store.

Thanks a lot :-)

Afar
_________________________________
Things would always be better than what we had expected...
So Try and Learn and Get more! :-)
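The "Verify return code: 21 (unable to verify the first certificate)" line in the s_client output above means openssl could not find the issuer of the server certificate in the trust store it was given, so the chain cannot be checked; Andy's advice below adds that the certificate's CN must be the server's fully qualified domain name. The script below is an added example, not code from this thread: it builds a throw-away lab CA and a server certificate for a constructed FQDN (dc1.example.test, in ./ldaps-lab), then runs the two checks an LDAPS client performs (chain to a trusted CA, hostname match) so you can see each one pass and fail offline before testing a real server.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Constructed names:
# dc1.example.test is a made-up FQDN and ./ldaps-lab a scratch directory.
# Requires the openssl command line (1.1.0 or newer for -verify_hostname).
set -eu

LAB=${LAB:-./ldaps-lab}
FQDN=${FQDN:-dc1.example.test}

# Build a private CA and a server certificate issued by it.
make_lab_certs() {
    mkdir -p "$LAB"
    # 1. The CA certificate: this is what the client's trust store must contain.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$LAB/ca.key" -out "$LAB/ca.pem" \
        -subj "/CN=Example Lab CA" >/dev/null 2>&1
    # 2. Server key and request with the FQDN as the CN.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$LAB/server.key" -out "$LAB/server.csr" \
        -subj "/CN=$FQDN" >/dev/null 2>&1
    # 3. Sign it with the CA and add a DNS SAN; current clients match on the
    #    SAN and only fall back to the CN when no SAN is present.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$FQDN" \
        > "$LAB/server.ext"
    openssl x509 -req -days 365 -in "$LAB/server.csr" \
        -CA "$LAB/ca.pem" -CAkey "$LAB/ca.key" -CAcreateserial \
        -extfile "$LAB/server.ext" -out "$LAB/server.pem" >/dev/null 2>&1
}

# Returns 0 when server.pem chains to a CA in $1 AND its name matches host $2.
verify_server_cert() {
    cafile=$1
    host=$2
    openssl verify -CAfile "$cafile" -verify_hostname "$host" \
        "$LAB/server.pem" >/dev/null 2>&1
}

# Returns 0 only if the certificate verifies against the system trust store
# alone, i.e. without the lab CA. This is the situation the s_client output
# in the thread shows: an issuer the client has never been told to trust.
verify_without_ca() {
    openssl verify "$LAB/server.pem" >/dev/null 2>&1
}

# Demo run (no network involved).
make_lab_certs
if verify_server_cert "$LAB/ca.pem" "$FQDN"; then
    echo "trusted CA + matching FQDN: OK"
fi
if ! verify_server_cert "$LAB/ca.pem" "other.example.test"; then
    echo "trusted CA but wrong hostname: rejected"
fi
if ! verify_without_ca; then
    echo "issuing CA not trusted: rejected (the thread's verify error)"
fi
# Against a live LDAPS server the same two checks are:
#   openssl s_client -connect "$FQDN:636" -servername "$FQDN" -CAfile path/to/ca.pem
# and a "Verify return code: 0 (ok)" line is what you want to see.
```

Whichever CA signs the AD server's certificate, the client side needs exactly two things to line up: that CA's certificate in the trust store openssl (or ldapsearch) is pointed at, and a certificate name that matches the host name you connect with, so connecting by IP address or a short name will also fail the second check even when the chain is fine.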


----- Original Message ----- 
From: "Rechenberg, Andrew" <arechenberg@shermfin.com>
To: "afardong" <afardong@263.sina.com>; <openldap-software@OpenLDAP.org>
Sent: Thursday, December 05, 2002 9:31 PM
Subject: RE: Connect to LDAP via ssl failed



WRT Active Directory, I believe that the AD server has to have a valid
certificate with the fully qualified domain name of the server as the CN
in the certificate.  I had the same problem not being able to connect to
an Active Directory via SSL with ldapsearch from Red Hat Linux and the
certificate that was issued to the AD server by our MS CA had expired.  

I generated a new certificate with OpenSSL, imported it into the
Personal Computer store, and the Trusted Root CA store on the AD server,
and then I was able to use SSL with ldapsearch to connect to the AD
server.

If I'm way off on this one, someone please correct me.

Regards,
Andy.


-----Original Message-----
From: afardong [mailto:afardong@263.sina.com] 
Sent: Thursday, December 05, 2002 1:38 AM
To: openldap-software@OpenLDAP.org
Subject: Connect to LDAP via ssl failed


Hi,

I am trying to perform some searching jobs with VC from a remote LDAP
Server or Active Directory. The job is divided into the following steps:
ldap_init, ldap_set_option(version3), ldap_connect, ldap_bind_s, then
ldap_search_s and print the results etc. The code runs well with those
steps, but when I try to connect to the remote LDAP Server via ssl, a
problem comes up. Using ldap_sslinit instead of ldap_init, I get the error
"Cannot contact the LDAP server." every time I do ldap_connect. I used
netstat to monitor the connection status and found that the code did get
connected to the remote server (port 636).

Could anyone give me some advice? Thanks :-)

afar