RE: TLS secure connection to an LDAP server



--- "Tay, Gary" <Gary_Tay@platts.com> wrote:
> Read
> http://www.openldap.org/lists/openldap-software/200503/msg00309.html
> 
> Did u use DSA key?
> 
> Gary

Thank you for the link. I read it.

I am using RSA keys (I generated them by running the
command "openssl genrsa") even for the CA's key and
for my ldaps server's public key.

> 
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of fatima riadi
> Sent: Thursday, March 24, 2005 12:17 AM
> To: François Beretti
> Cc: OpenLDAP Mail List
> Subject: Re: TLS secure connection to an LDAP server
> 
> 
> Hello,
> 
> > The name of the certificate file has nothing to do, you choose the one you want :-)
> 
> OK
> 
> > The common name of the certificate is the "cn" field you enter when you create the certificate
> > This name has to be the server's fully qualified domain name
> > 
> OK, thank you.
> I know that.
> 
> > Then, when you test the SSL connection,
> > instead of :
> > openssl s_client -connect localhost:636 -showcerts -state -CAfile /path/to/ca.pem
> > 
> > run this :
> > 
> > openssl s_client -connect ldap.domain.com:636 -showcerts -state -CAfile /path/to/ca.pem
> >
> I tested the SSL connection using the command above. As I said, it did not succeed. :)
> It displayed the following:
> [user@RHmachine root]# openssl s_client -connect ldap_srv_name.domain.com:636 -showcerts -state -ssl3 -CAfile /path/to/ca.pem
>   CONNECTED(00000003)
>   SSL_connect:before/connect initialization
>   SSL_connect:SSLv3 write client hello A
>   SSL3 alert read:fatal:handshake failure
>   SSL_connect:failed in SSLv3 read server hello A
>   2456:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
>   2456:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
> 
> What would you suggest please?


	

	
		
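
Local checks on the files this thread discusses (RSA CA key, server certificate whose CN is the FQDN, the file passed to -CAfile), as an added example that is not part of the original messages. The host name ldap.example.com, the file names and the helper functions make_demo_pki and check_pair are constructed for illustration.

```shell
#!/bin/sh
# Added example. ldap.example.com and all file names are constructed placeholders.

# make_demo_pki DIR FQDN: RSA CA plus a server certificate whose CN is FQDN.
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/ca.key" -subj "/CN=Demo CA" -days 1 -out "$d/ca.pem" &&
    openssl genrsa -out "$d/srv.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/srv.key" -subj "/CN=$2" -out "$d/srv.csr" &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# check_pair CA CERT KEY FQDN: returns 0 only if all three checks pass.
check_pair() {
    rc=0
    # 1. The private key must belong to the certificate (same RSA modulus).
    m_cert=$(openssl x509 -noout -modulus -in "$2") || return 2
    m_key=$(openssl rsa -noout -modulus -in "$3" 2>/dev/null) || return 2
    if [ "$m_cert" = "$m_key" ]; then echo "key/cert: match"
    else echo "key/cert: MISMATCH"; rc=1; fi
    # 2. The certificate must chain to the CA file a client passes as -CAfile.
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo "chain: ok"
    else echo "chain: FAILED"; rc=1; fi
    # 3. The name the client connects to must match the certificate.
    if openssl x509 -noout -checkhost "$4" -in "$2" | grep -q "does match"
    then echo "name $4: ok"
    else echo "name $4: NOT in certificate"; rc=1; fi
    return $rc
}

demo() {
    tmp=$(mktemp -d) || return 2
    make_demo_pki "$tmp" ldap.example.com || return 2
    check_pair "$tmp/ca.pem" "$tmp/srv.pem" "$tmp/srv.key" ldap.example.com
    # Failure modes: connecting as localhost, and a key that is not the server's.
    check_pair "$tmp/ca.pem" "$tmp/srv.pem" "$tmp/srv.key" localhost ||
        echo "-> rejected, as expected"
    check_pair "$tmp/ca.pem" "$tmp/srv.pem" "$tmp/ca.key" ldap.example.com ||
        echo "-> rejected, as expected"
    rm -rf "$tmp"
}
demo
```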