Re: Problem with my certificate



Hi,
 
Does no one have an idea?
 
thx

>>> "Eudes LEDUCQ" <LEDUCQ@hec.fr> 10/26 8:37  >>>
Hi,

I simply created my certificate like this:
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -x509 -nodes -out annuaire.fr.pem -keyout annuaire.fr.pem -days 365


I put it in a directory:
cp annuaire.fr.pem /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem

Then I tested with openssl:
/usr/local/ssl/bin/openssl s_client -connect myipserver:636 -showcerts

It seems to be good (no warning or error).


And when I do an ldapsearch like this:
/usr/local/openLdap2.2.28/bin/ldapsearch -b dc=test,dc=fr -s sub -x -w password -D cn=Manager,dc=test,dc=fr

I get this error:
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac

TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac s3_pkt.c:424
connection_read(9): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=9 for close
connection_close: conn=1 sd=9

my ldap.conf:

.....
TLS_CACERT /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLS_REQCERT allow
tls_ciphers HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
.....

my slapd.conf

....
TLSCipherSuite  HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCertificateFile    /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCertificateKeyFile /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCACertificateFile  /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem

What I don't understand is that I'm able to make an SSL connection with my Java code without any problem!

Is something wrong in my config?

thx
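
An added example, not part of the original post or of OpenLDAP: a small Python review of the ldap.conf and slapd.conf fragments quoted above (embedded as constructed sample text with the wrapped lines joined) that reports the TLS settings an administrator would look at. The function names and finding labels are hypothetical, and comparing the client and server paths assumes both files refer to the same copy of the PEM.

```python
import re

# Constructed sample input: the two fragments from the post, wrapped lines joined.
PEM = "/usr/local/openLdap2.2.28/certificats/annuaire.fr.pem"
LDAP_CONF = f"""TLS_CACERT {PEM}
TLS_REQCERT allow
tls_ciphers HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
"""
SLAPD_CONF = f"""TLSCipherSuite  HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCertificateFile    {PEM}
TLSCertificateKeyFile {PEM}
TLSCACertificateFile  {PEM}
"""

def parse(text):
    """Return {lowercased directive: value}; skips blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def review(ldap_conf, slapd_conf):
    """Return a sorted list of finding labels for the TLS settings (hypothetical helper)."""
    client, server = parse(ldap_conf), parse(slapd_conf)
    findings = set()
    # ldap.conf(5): the default is 'demand'; with 'never' or 'allow' the
    # session proceeds even when the server certificate is bad.
    if client.get("tls_reqcert", "demand").lower() in ("never", "allow"):
        findings.add("client-does-not-enforce-cert-verification")
    key = server.get("tlscertificatekeyfile")
    # The private key lives in the same file as the certificate or CA certificate.
    if key and key in (server.get("tlscertificatefile"), server.get("tlscacertificatefile")):
        findings.add("private-key-shares-file-with-certificate")
    # The file the client loads as its trust anchor is the server's key file.
    if key and key == client.get("tls_cacert"):
        findings.add("client-trust-file-is-server-key-file")
    # In an OpenSSL cipher string '+' only moves already-selected suites to
    # the end of the list; it does not exclude them.
    for name, conf in (("tls_ciphers", client), ("tlsciphersuite", server)):
        tokens = re.split(r"[:, ]+", conf.get(name, ""))
        if any(t.lstrip("+").upper() in ("SSLV2", "SSLV3") for t in tokens):
            findings.add("cipher-string-names-sslv2-or-sslv3")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(review(LDAP_CONF, SLAPD_CONF)))
```

The review covers only what the two configuration fragments state; it does not explain the "bad record mac" alert in the logs.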