[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Connect to LDAP via ssl failed
hi,
I've followed the steps to generate the certificate and transfered it to our administrator of AD server for importing into the Personal Computer store and the Trusted Root CA store. However, I still can not connect that AD server via ssl with same error message "Cannot contact the LDAP server" which almost drive me mad. I doubted whether I had ignored some configuration with AD server.
Anyway, thanks for your help and kindness.
Have a nice day!:-)
Afar
_________________________________
Things would always be better than what we had expected...
So Try and Learn and Get more! :-)
----- Original Message -----
From: "Rechenberg, Andrew" <arechenberg@shermfin.com>
To: "afardong" <afardong@263.sina.com>; <openldap-software@OpenLDAP.org>
Sent: Friday, December 06, 2002 9:23 PM
Subject: RE: Connect to LDAP via ssl failed
>
> You have to make sure that a private key is associated with the
> certificate that is generated. If you have a Red Hat Linux installation
> available, it is quite easy to generate a certificate for use with your
> AD server.
>
> For Red Hat do the following:
>
> 1. Verify that OpenSSL is installed (rpm -q openssl). Install if
> necessary.
> 2. cd /usr/share/ssl/certs/
> 3. make SOMEFILE.pem
> 4. Input the data requested.
> 5. openssl pkcs12 -export -in SOMEFILE.pem -out SOMEFILE.p12 -name
> "SOMENAMEHERE"
> 6. Transfer the p12 file to the AD server and import it into the
> Personal Computer store and the Trusted Root CA store.
>
> Those are the exact steps I took and then I could use SSL with
> ldapsearch (which, I believe, uses the same ldap_* calls as you are
> trying to make with VC) to connect to our domain controllers.
>
> Hope this helps,
> Andy.
>
> -----Original Message-----
> From: afardong [mailto:afardong@263.sina.com]
> Sent: Thursday, December 05, 2002 8:31 PM
> To: Rechenberg, Andrew; openldap-software@OpenLDAP.org
> Subject: Re: Connect to LDAP via ssl failed
>
>
> hi,
>
> Thanks for your advice. Our administrator of AD server had genertaed a
> certificate, imported into Personal Computer store, and the Trusted Root
> CA store on itselfe before, but I still failed to connect the AD server
> from remote host via ssl. Here's the result I use openssl(in linux) to
> verify the cerfiticate of the AD server:
> ---
> New, TLSv1/SSLv3, Cipher is RC4-MD5
> Server public key is 1024 bit
> SSL-Session:
> Protocol : TLSv1
> Cipher : RC4-MD5
> Session-ID:
> 3D1400009BBAA03598DC56D949FC28D940924372EEF40AF8D8A37AD8A8A83F56
> Session-ID-ctx:
> Master-Key:
> D60476FD2077EC2A5D440EA81DE35FCAF9DAB3DA7537207724705C00ADE06693C839490F
> 7B2128F3E01E62FF72C21432
> Key-Arg : None
> Start Time: 1039137298
> Timeout : 300 (sec)
> Verify return code: 21 (unable to verify the first certificate)
> ---
>
> I'd like to take your way to have a try while I don't kown how to
> generated a new certificate with openssl(in windows) and how to import
> it into the Personal Computer store, and the Trusted Root CA store.
>
> Thanks a lot :-)
>
> Afar
> _________________________________
> Things would always be better than what we had expected...
> So Try and Learn and Get more! :-)
>
>
> ----- Original Message -----
> From: "Rechenberg, Andrew" <arechenberg@shermfin.com>
> To: "afardong" <afardong@263.sina.com>; <openldap-software@OpenLDAP.org>
> Sent: Thursday, December 05, 2002 9:31 PM
> Subject: RE: Connect to LDAP via ssl failed
>
>
>
> WRT Active Directory, I believe that the AD server has to have a valid
> certificate with the fully qualified domain name of the server as the CN
> in the certificate. I had the same problem not being able to connect to
> an Active Directory via SSL with ldapsearch from Red Hat Linux and the
> certificate that was issued to the AD server by our MS CA had expired.
>
> I generated a new certificate with OpenSSL, imported it into the
> Personal Computer store, and the Trusted Root CA store on the AD server,
> and then I was able to use SSL with ldapsearch to connect to the AD
> server.
>
> If I'm way off on this one, someone please correct me.
>
> Regards,
> Andy.
>
>
> -----Original Message-----
> From: afardong [mailto:afardong@263.sina.com]
> Sent: Thursday, December 05, 2002 1:38 AM
> To: openldap-software@OpenLDAP.org
> Subject: Connect to LDAP via ssl failed
>
>
> Hi,
>
> I am trying to perform some searching jobs wish VC from remote LDAP
> Server or Active Directory. The job is divided into the following steps:
> ldap_init, ldap_set_option(version3),ldap_connect,ldap_bind_s, then
> ldap_search_s and print the results etc. The code runs well with those
> steps while I try to connect the remote LDAP Server via ssl, problem
> comes. Using the ldap_sslinit instead of ldap_init, I got error "Cannot
> contact the LDAP server." every time when doing ldap_connect. I use
> netstat to monitor the connection status and did find the code get
> connected with the remote server(port 636).
>
> Could anyone give me some advices?Thanks:-)
>
> afar
>
>
>
>
>