
Problem with my certificate



Hi,
 
I have simply created my certificate like this:
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -x509 -nodes -out annuaire.fr.pem -keyout annuaire.fr.pem -days 365
 
 
I have put it in a directory:
cp annuaire.fr.pem /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
 
Then I tested with openssl:
/usr/local/ssl/bin/openssl s_client -connect myipserver:636 -showcerts
 
It seems to be good (no warning or error).
 
 
And when I do an ldapsearch like this:
/usr/local/openLdap2.2.28/bin/ldapsearch -b dc=test,dc=fr -s sub -x -w password -D cn=Manager,dc=test,dc=fr
 
I get this error:
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac

TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac s3_pkt.c:424
connection_read(9): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=9 for close
connection_close: conn=1 sd=9
 
My ldap.conf:
 
.....
TLS_CACERT /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLS_REQCERT allow
tls_ciphers HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
ssl on
.....
 
My slapd.conf:
 
....
TLSCipherSuite  HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCertificateFile    /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCertificateKeyFile /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCACertificateFile  /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
 
What I don't understand is that I'm able to make an SSL connection with my Java code without problems!
 
Is something wrong in my config?
 
thx
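
Added example, not part of the original post: a local sanity check for a combined PEM file like the one created above, where the same file serves as certificate, key and CA certificate. The function names and the PEM_FILE variable are hypothetical, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: local checks for one PEM file that holds a self-signed
# certificate and its private key. Function names are hypothetical.

# The file contains both a certificate block and a private key block.
pem_has_cert_and_key() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# The public key derived from the private key equals the one in the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Subject and issuer are identical, i.e. the certificate is self-signed.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//') || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//') || return 1
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# The certificate verifies when the same file is used as the CA file.
verifies_as_own_ca() {
    openssl verify -CAfile "$1" "$1"
}

# The certificate has not expired (the post used -days 365).
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0
}

# Run every check on one file; returns non-zero if any check fails.
check_pem() {
    rc=0
    for check in pem_has_cert_and_key key_matches_cert is_self_signed \
                 verifies_as_own_ca not_expired; do
        if "$check" "$1" >/dev/null 2>&1; then
            echo "ok   $check"
        else
            echo "FAIL $check"; rc=1
        fi
    done
    return $rc
}

# Hypothetical entry point: PEM_FILE=/path/to/file.pem sh this_script.sh
if [ -n "${PEM_FILE:-}" ]; then check_pem "$PEM_FILE"; fi
```

These checks only cover the file itself; they say nothing about how the client reaches the server or which protocol and ciphers are negotiated.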