
Re: TLS secure connection to an LDAP server



fatima riadi wrote:

Hi there,

I am trying to secure connections to my ldap server by
using TLS.
I created a certificate for my server. The certificate
verification was OK (openssl verify -CAfile
/path/to/ca.pem /path/to/my_ldap_srv_certificate).
On my slapd.conf file I set TLSCACertificateFile,
TLSCertificate and TLSCertificateKeyFile paths.
I ran my server on the two default ports 389 (ldap)
and 636 (ldaps) using this command: 'slapd -d127 -h
"ldap:/// ldaps:///"'.
Once checking the SSL connection (by running the
command: 'openssl s_client -connect localhost:636
-showcerts -state -CAfile /path/to/ca.pem'), I get the
following output:


Hello

Assuming you used the server's Fully Qualified Domain Name (host.domaine.com) as the common name of the certificate,
you have to use this FQDN to connect to the server, instead of "localhost".


regards,

François

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
2338:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:


My server's debug output shows:

 TLS trace: SSL3 alert write:fatal:handshake failure
 TLS trace: SSL_accept:error in SSLv3 read client hello B
 TLS trace: SSL_accept:error in SSLv3 read client hello B
 TLS: can't accept.
 TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:882
 connection_read(8): TLS accept error error=-1 id=0, closing
 connection_closing: readying conn=0 sd=8 for close
 connection_close: conn=0 sd=8
 daemon: removing 8
 daemon: select: listen=6 active_threads=0 tvp=NULL
 daemon: select: listen=7 active_threads=0 tvp=NULL
 daemon: activity on 1 descriptors
 daemon: select: listen=6 active_threads=0 tvp=NULL
 daemon: select: listen=7 active_threads=0 tvp=NULL


I can't guess what the error could be. Do you have any suggestions, please?

I am using OpenSSH_3.5p1 with OpenLDAP 2.1.22 on a Red
Hat box.

Thank you in advance!




