Re: LDAP clients fail to connect with SSL enabled
- To: openldap-technical@openldap.org
- Subject: Re: LDAP clients fail to connect with SSL enabled
- From: bluethundr <bluethundr@gmail.com>
- Date: Sun, 21 Nov 2010 18:47:22 -0500
- In-reply-to: <20101121231617.GA5114@dan.olp.net>
- References: <AANLkTim3Q5cVHJ82wm9trhpRHPa=votaa8NX6ycSr+bB@mail.gmail.com> <20101121231617.GA5114@dan.olp.net>
> Does an ldapsearch -d -1 -ZZ successfully connect?
> If so, then that should rule out a problem with your slapd configuration
> and ldap client library configuration (the options within your ldap.conf
> used by the OpenLDAP client library). In that case, you might focus on your
> ldap nss configuration.
Hi Dan,
Thanks for your input! I just noticed this interesting tidbit in the
output of that command.
TLS: hostname (ldap.summitnjhome.com) does not match common name in
certificate (bsd2.summitnjhome.com).
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
Which is interesting because I caught that earlier, and generated a
new CSR and downloaded the cert once more. When I regenerated the csr
I made sure to copy-paste the output into the common name field of the
generation process.
I'm enclosing the full output of that command as an attachment but I
think my next step is to call godaddy... heh :)
On Sun, Nov 21, 2010 at 6:16 PM, Dan White <dwhite@olp.net> wrote:
> On 21/11/10 17:24 -0500, bluethundr wrote:
>>
>> I am attempting to setup SSL/TLS support on my openLDAP 2.4 server on
>> FreeBSD.
>>
>> LBSD2# pkg_info | grep openldap
>> openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
>> openldap-sasl-server-2.4.23 Open source LDAP server implementation
>
>
>> LBSD2# cat slapd.conf | grep -i tls
>> ## TLS options for slapd
>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>> TLSCertificateFile /usr/local/etc/openldap/cacerts/bsd2.summitnjhome.com.crt
>> TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem
>> TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt
>
>
>> Connection closed by 127.0.0.1
>>
>> [root@VIRTCENT08:/etc/openldap/cacerts]#getent passwd | grep ldapAccount
>> [same interminable wait as above]
>>
>>
>> This is what my /etc/ldap.conf file looks like on the client:
>>
>> [root@VIRTCENT08:/etc/openldap/cacerts]#cat /etc/ldap.conf
>> base dc=summitnjhome,dc=com
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>> uri ldap://ldap.summitnjhome.com/
>> ssl start_tls
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password crypt
>
> <commented out lines removed>
>
> Does an ldapsearch -d -1 -ZZ successfully connect?
>
> If so, then that should rule out a problem with your slapd configuration
> and ldap client library configuration (the options within your ldap.conf
> used by the OpenLDAP client library). In that case, you might focus on your
> ldap nss configuration.
>
> --
> Dan White
>
--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
[root@VIRTCENT08:~]#ldapsearch -h ldap.summitnjhome.com -d -1 -ZZ "dc=summitnjhome,dc=com"
ldap_create
ldap_url_parse_ext(ldap://ldap.summitnjhome.com)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.summitnjhome.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.44:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x9043260 ptr=0x9043260 end=0x904327f len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0x9043260 ptr=0x9043265 end=0x904327f len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush: 31 bytes to sd 3
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 0x903a530 msgid 1
wait4msg ld 0x903a530 msgid 1 (infinite timeout)
wait4msg continue ld 0x903a530 msgid 1 all 1
** ld 0x903a530 Connections:
* host: ldap.summitnjhome.com port: 389 (default)
refcnt: 2 status: Connected
last used: Sun Nov 21 18:39:49 2010
** ld 0x903a530 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x903a530 Response Queue:
Empty
ldap_chkResponseList ld 0x903a530 msgid 1 all 1
ldap_chkResponseList returns ld 0x903a530 NULL
ldap_int_select
read1msg: ld 0x903a530 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 78 07 0a 0....x..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x9044680 ptr=0x9044680 end=0x904468c len=12
0000: 02 01 01 78 07 0a 01 00 04 00 04 00 ...x........
read1msg: ld 0x903a530 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
read1msg: ld 0x903a530 0 new referrals
read1msg: mark request completed, ld 0x903a530 msgid 1
request done: ld 0x903a530 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ber_scanf fmt (}) ber:
ber_dump: buf=0x9044680 ptr=0x904468c end=0x904468c len=0
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
tls_write: want=121, written=121
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 16 03 01 00 4a 02 00 ....J..
tls_read: want=72, got=72
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
0000: 16 03 01 05 87 .....
tls_read: want=1415, got=1364
tls_read: want=51, got=51
0000: d6 17 42 f5 b2 00 29 13 5d 2e d9 4c 70 9f d3 b6 ..B...).]..Lp...
0010: 9e 2a 8b 08 16 ea a0 1f 7f 26 eb 41 09 16 2d 80 .*.......&.A..-.
0020: a9 64 dd a7 e9 bd 6b 26 f9 c2 fc 9a b9 a9 2c da .d....k&......,.
0030: 00 fd 36 ..6
TLS certificate verification: depth: 2, err: 0, subject: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority, issuer: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287, issuer: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
TLS certificate verification: depth: 0, err: 0, subject: /O=bsd2.summitnjhome.com/OU=Domain Control Validated/CN=bsd2.summitnjhome.com, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
TLS trace: SSL_connect:SSLv3 read server certificate A
tls_read: want=5, got=5
0000: 16 03 01 00 04 .....
tls_read: want=4, got=4
0000: 0e 00 00 00 ....
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
tls_write: want=326, written=326
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=5
0000: 14 03 01 00 01 .....
tls_read: want=1, got=1
0000: 01 .
tls_read: want=5, got=5
0000: 16 03 01 00 30 ....0
tls_read: want=48, got=48
0000: 54 f4 4a 5f ef ba db f9 2f b4 19 da fe 2c a7 7b T.J_..../....,.{
0010: 5f e6 b2 fd 39 48 61 57 b9 b7 b0 0b 42 6a 32 60 _...9HaW....Bj2`
0020: eb 4e f2 da 7a a3 8e a1 85 6f 77 28 bc 94 a4 3e .N..z....ow(...>
TLS trace: SSL_connect:SSLv3 read finished A
TLS: hostname (ldap.summitnjhome.com) does not match common name in certificate (bsd2.summitnjhome.com).
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
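
The check that fails in the trace above can be run offline before clients ever connect. The script below is an added example, not part of the original message or of OpenLDAP: it reads the host from a client `uri` line and tests it against a certificate with `openssl x509 -checkhost`. The function names, the temporary files, the throwaway self-signed certificates and their subjectAltName entries are assumptions constructed for illustration; only the two hostnames and the `uri` line come from the thread.

```shell
#!/bin/sh
# Added example: every file is created in a temporary directory and the
# certificates are throwaway self-signed ones, constructed for illustration.

# make_sample_cert DIR OUT NAME...: self-signed cert whose CN is the first
# NAME and whose subjectAltName lists every NAME.
make_sample_cert() {
    dir=$1 out=$2; shift 2
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = ext' \
        'prompt = no' '[dn]' "CN = $1" '[ext]' "subjectAltName = $san" \
        > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/$out" 2>/dev/null
}

# uri_host FILE: host part of the first `uri` line in an nss/pam ldap.conf.
uri_host() {
    sed -n 's|^uri[[:space:]]*ldaps\{0,1\}://\([^/:]*\).*|\1|p' "$1" | head -n 1
}

# cert_matches_host CERT HOST: exit 0 only if CERT is valid for HOST.
# `openssl x509 -checkhost` exits 0 either way, so read the verdict it prints.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# report CERT CONF: print and return the verdict for the client config's host.
report() {
    host=$(uri_host "$2")
    if cert_matches_host "$1" "$host"; then
        echo "OK: $1 is valid for $host"
    else
        echo "MISMATCH: $1 is not valid for $host"; return 1
    fi
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
# Client side, as in the /etc/ldap.conf quoted in the thread.
printf 'uri ldap://ldap.summitnjhome.com/\nssl start_tls\n' > "$workdir/ldap.conf"
# Certificate naming only the machine's own hostname (the failing case).
make_sample_cert "$workdir" issued.pem bsd2.summitnjhome.com
# Constructed certificate that also carries the name clients connect to.
make_sample_cert "$workdir" reissued.pem bsd2.summitnjhome.com ldap.summitnjhome.com

report "$workdir/issued.pem" "$workdir/ldap.conf" || true
report "$workdir/reissued.pem" "$workdir/ldap.conf"
```

Against a real deployment, pass the file named by `TLSCertificateFile` and the client's own ldap.conf to `report` instead of the generated samples.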