
Re: TLS secure connection to an LDAP server



In fact, I used the server's fully qualified domain name
to name the certificate (ldap_server.domain.com.pem).
I also used the server's dn during the connection but
it did not succeed!

kind regards

--- François Beretti <francois.beretti@enatel.com>
wrote:
> fatima riadi wrote:
> 
> >Hi there,
> >
> >I am trying to secure connections to my ldap server by
> >using TLS.
> >I created a certificate for my server. The certificate
> >verification was OK (openssl verify -CAfile
> >/path/to/ca.pem /path/to/my_ldap_srv_certificate).
> >In my slapd.conf file I set TLSCACertificateFile,
> >TLSCertificate and TLSCertificateKeyFile paths.
> >I ran my server on the two default ports 389 (ldap)
> >and 636 (ldaps) using this command: 'slapd -d127 -h
> >"ldap:/// ldaps:///"'.
> >Once checking the SSL connection (by running the
> >command: 'openssl s_client -connect localhost:636
> >-showcerts -state -CAfile /path/to/ca.pem'), I get the
> >following output:
> >
> Hello
> 
> Assuming you used the server's Fully Qualified Domain Name
> (host.domaine.com) as the common name of the certificate,
> you have to use this FQDN to connect to the server,
> instead of "localhost".
> 
> regards,
> 
> François
> 
> >
> >  CONNECTED(00000003)
> >  SSL_connect:before/connect initialization
> >  SSL_connect:SSLv2/v3 write client hello A
> >  SSL3 alert read:fatal:handshake failure
> >  SSL_connect:error in SSLv2/v3 read server hello A
> >  2338:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:
> >
> >My server's debug output shows:
> >
> >  TLS trace: SSL3 alert write:fatal:handshake failure
> >  TLS trace: SSL_accept:error in SSLv3 read client hello B
> >  TLS trace: SSL_accept:error in SSLv3 read client hello B
> >  TLS: can't accept.
> >  TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:882
> >  connection_read(8): TLS accept error error=-1 id=0, closing
> >  connection_closing: readying conn=0 sd=8 for close
> >  connection_close: conn=0 sd=8
> >  daemon: removing 8
> >  daemon: select: listen=6 active_threads=0 tvp=NULL
> >  daemon: select: listen=7 active_threads=0 tvp=NULL
> >  daemon: activity on 1 descriptors
> >  daemon: select: listen=6 active_threads=0 tvp=NULL
> >  daemon: select: listen=7 active_threads=0 tvp=NULL
> >
> >
> >I can't guess what could be the error. Do you have
> >any suggestion, please?
> >
> >I am using OpenSSH_3.5p1 with OpenLDAP 2.1.22 on a Red
> >Hat box.
> >
> >Thank you in advance!
> >

__________________________________________________________________
Discover the new Yahoo! Mail: 250 MB of storage space for your mail!
Create your Yahoo! Mail at http://fr.mail.yahoo.com/
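The procedure discussed in this thread (a server certificate named for the FQDN, openssl verify against the CA, then openssl s_client against port 636) can be rehearsed offline before a single packet is sent. What follows is an added example, not code from the thread, from OpenLDAP or from OpenSSL. It assumes the FQDN ldap_server.domain.com from the thread, a throwaway CA generated on the spot (standing in for /path/to/ca.pem), an openssl binary of 1.0.2 or later on PATH, and a scratch directory in $WORK. It shows François's point (a certificate issued for the FQDN is not accepted for "localhost") and goes one step beyond the thread with a check it does not run: that the certificate and private key slapd is configured with belong together. A server left without a usable certificate/key pair has no cipher suite it can offer; OpenSSL then reports "no shared cipher" on the server side and sends the client the fatal handshake failure alert.

```shell
#!/bin/sh
# Added example, not code from the thread: build a throwaway CA and a server
# certificate whose CN and subjectAltName are the server's FQDN, then run the
# offline checks worth passing before pointing openssl s_client at port 636.
# Assumptions: the FQDN ldap_server.domain.com from the thread, a scratch
# directory in $WORK, and an openssl binary (1.0.2 or newer) on PATH.
set -e

WORK="${WORK:-$(mktemp -d)}"
FQDN="ldap_server.domain.com"

# A self-signed test CA (hypothetical; stands in for /path/to/ca.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Test LDAP CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
}

# A server certificate signed by that CA. The CN is the FQDN, and the same
# name goes into subjectAltName for clients that ignore the CN.
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$FQDN" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$FQDN" \
        > "$WORK/server.ext"
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$WORK/server.ext" -out "$WORK/server.pem" >/dev/null 2>&1
}

# Check 1: the chain verifies against the CA (the check the poster ran).
check_chain() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/server.pem" >/dev/null 2>&1
}

# Check 2: the name the client connects with is one the certificate carries.
# Succeeds for the FQDN and fails for "localhost", the mismatch François
# points at; openssl x509 -checkhost reports it without needing a server.
check_hostname() {
    openssl x509 -in "$WORK/server.pem" -noout -checkhost "$1" 2>/dev/null \
        | grep -q 'does match'
}

# Check 3: certificate and private key belong together. A server that cannot
# pair its key with its certificate has no usable cipher suite; OpenSSL then
# logs "no shared cipher" and the client sees a fatal handshake failure alert.
check_keypair() {
    [ "$(openssl x509 -in "$WORK/server.pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$WORK/server.key" -pubout)" ]
}

# Print one line per check; run under "if" so a FAIL does not trip set -e.
report() {
    if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi
}

make_ca
make_server_cert
report check_chain
report check_hostname "$FQDN"
report check_hostname localhost        # expected to FAIL: wrong name
report check_keypair
# Once these pass, the on-line test is the poster's command with the FQDN:
#   openssl s_client -connect "$FQDN:636" -showcerts -state -CAfile "$WORK/ca.pem"
```

The hostname check is done with openssl x509 -checkhost rather than by eye so that it applies the same matching rules (CN fallback, subjectAltName, case folding) a verifying client would; the key-pair check compares the SubjectPublicKeyInfo extracted from each file, which works for any key type, not just RSA.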