Re: TLS secure connection to an LDAP server


> The name of the certificate file has nothing to do,
> you choose the one 
> you want :-)


> The common name of the certificate is the "cn" field
> you enter when you 
> create the certificate
> This name has to be the server's fully qualified
> domain name
OK, thank you.
I know that.

> Then, when you test the SSL connection,
> instead of :
> openssl s_client -connect localhost:636 -showcerts
> -state -CAfile /path/to/ca.pem
> run this :
> openssl s_client -connect ldap.domain.com:636
> -showcerts -state -CAfile /path/to/ca.pem
I tested the SSL connection using the command above. As
I told, it did not succeed. :)
It displayed the following:
[user@RHmachine root]# openssl s_client -connect
ldap_srv_name.domain.com:636 -showcerts -state -ssl3
-CAfile /path/to/ca.pem
  SSL_connect:before/connect initialization
  SSL_connect:SSLv3 write client hello A
  SSL3 alert read:fatal:handshake failure
  SSL_connect:failed in SSLv3 read server hello A
routines:SSL3_READ_BYTES:sslv3 alert handshake 
failure:s3_pkt.c:1052:SSL alert number 40
routines:SSL3_WRITE_BYTES:ssl  handshake

What would you suggest please?
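As an added example, not written by the original poster or anyone else on the list: a small POSIX shell wrapper that runs the check the earlier reply recommends (the server's FQDN on port 636 with -CAfile) and turns the verbose s_client output into a one-line verdict. Alert number 40 in the transcript is the TLS handshake_failure alert, which the server sends when it cannot agree on a protocol version or cipher suite, so the wrapper does not pin a version the way the `-ssl3` flag in the transcript does. The host name and CA path are placeholders from the thread, the `-servername` option assumes an OpenSSL release that supports SNI, and the sample output lines fed to the classifier are constructed.

```shell
#!/bin/sh
# Added example for this thread (not the poster's or the list's own code):
# run openssl s_client against an LDAPS endpoint the way the reply suggests
# and summarise the result.  Host/CA values are placeholders; sample outputs
# used for testing are constructed.

# classify_ssl_output: read s_client output on stdin, print one verdict line.
classify_ssl_output() {
    out=$(cat)
    # Alert 40 = TLS handshake_failure: no protocol version / cipher suite in
    # common (for example the client pinned -ssl3 and the server has SSLv3
    # disabled).  It is not a certificate verification problem.
    if printf '%s\n' "$out" | grep -q 'SSL alert number 40'; then
        echo "HANDSHAKE_FAILURE: no protocol/cipher agreed; drop -ssl2/-ssl3 pins and retry"
        return 0
    fi
    # Alert 70 = TLS protocol_version: the server explicitly rejected the
    # offered version.
    if printf '%s\n' "$out" | grep -q 'SSL alert number 70'; then
        echo "PROTOCOL_VERSION: server rejected the offered TLS/SSL version"
        return 0
    fi
    # Otherwise look at the chain verification result against -CAfile.
    verify=$(printf '%s\n' "$out" \
        | sed -n 's/^ *Verify return code: \([0-9][0-9]*\) (\(.*\)).*/\1 \2/p' \
        | head -n 1)
    case "$verify" in
        "0 ok") echo "OK: certificate chain verified against the CA file" ;;
        "")     echo "UNKNOWN: no verify result in output (connection never completed?)" ;;
        *)      echo "VERIFY_FAILED: $verify" ;;
    esac
    return 0
}

# ldaps_check HOST CAFILE: connect to HOST:636, no protocol pin, send SNI,
# close the session after the handshake and classify what happened.
ldaps_check() {
    host=$1
    cafile=$2
    openssl s_client -connect "$host:636" -servername "$host" \
        -showcerts -state -CAfile "$cafile" </dev/null 2>&1 \
        | classify_ssl_output
}

# Usage (placeholder values from the thread, not a real host):
#   ldaps_check ldap.domain.com /path/to/ca.pem
```

The classifier separates the two failure classes a practitioner needs to tell apart: a handshake alert (version or cipher negotiation, fixed on the client or server configuration) versus a non-zero verify return code (the CA file or the certificate's CN/FQDN, fixed by correcting the trust material).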


