
Re: SSL3 alert write:fatal:unknown CA



On Friday, 27 June 2003 00:05 you wrote:
> Quanah Gibson-Mount wrote:
> >> Hi Kent,
> >> I looked in your excellent Document OpenLDAP_TLS_howto, also because
> >> Quanah  Gibson-Mount mentioned it.
> >>
> >> In Chapter 7 Using TLS you give the following example:
> >>
> >> ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
> >> '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
> >>
> >> I thought TLS was working on port 389 and only SSL was using ldaps://
> >> If that's true the command would be:
> >
> >Pierre, SSL and TLS are essentially the same thing.  OpenLDAP does SSL+TLS
> >on port 389.  By specifying ldaps://, you request that it make an encrypted
> >call to the OpenLDAP server, via SSL/TLS encryption.
> >
> >--Quanah
>
> One step further ... TLSv1 is basically SSLv3.
> SSL-enabled OpenLDAP servers use port 636 by default, but can use other
> ports if the server is started on those drives.
> TLS can be enabled on any OpenLDAP server port besides SSL ports.  389 is
> the default LDAP server port.
>
> example:
> % slapd -h "ldap:///  ldap://:12345  ldaps:///  ldaps://:999"
>
> gives 2 SSL-enabled ports (636 & 999) and 2 'potential' TLS-enabled ports
> (389 & 12345) if OpenLDAP clients start TLS.
>
> Cheers,
> Kent Soper
>
> "You don't stop playing because you grow old ...
>        you grow old because you stop playing."
>
> Linux Technology Center, Linux Security
> phone:  1-512-838-9216
> e-mail:  dksoper@us.ibm.com

Thank you for the clarity. This is the kind of information that is not always
easy to find.
Pierre
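
Added example, not part of the original messages: a small Python audit helper that parses the URL list passed to slapd -h, as in Kent's example above, and sorts the listeners into ports that are TLS from the first byte (ldaps://) and ports that stay in cleartext unless the client issues StartTLS (ldap://). The function names and mode labels are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Default ports named in the thread: 389 for ldap://, 636 for ldaps://.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

TLS_ON_CONNECT = "tls-on-connect"              # ldaps://: TLS before any LDAP
STARTTLS_ONLY = "plaintext-until-starttls"     # ldap://: TLS only if client asks


def classify_listeners(h_arg):
    """Parse a `slapd -h` URL list into (scheme, host, port, mode) tuples."""
    listeners = []
    for url in h_arg.split():
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            # Other listener schemes (e.g. ldapi://) are outside this example.
            raise ValueError(f"unhandled listener scheme in {url!r}")
        host = parts.hostname or "*"           # empty host: all interfaces
        port = parts.port or DEFAULT_PORTS[scheme]
        mode = TLS_ON_CONNECT if scheme == "ldaps" else STARTTLS_ONLY
        listeners.append((scheme, host, port, mode))
    return listeners


def ports_by_mode(h_arg):
    """Group listener ports by how (and whether) the session gets encrypted."""
    grouped = {TLS_ON_CONNECT: [], STARTTLS_ONLY: []}
    for _scheme, _host, port, mode in classify_listeners(h_arg):
        grouped[mode].append(port)
    return grouped


if __name__ == "__main__":
    # The listener string from the message above.
    example = "ldap:///  ldap://:12345  ldaps:///  ldaps://:999"
    for scheme, host, port, mode in classify_listeners(example):
        print(f"{scheme:5} {host}:{port:<5} {mode}")
    # Ports in the STARTTLS_ONLY group accept unencrypted binds unless the
    # client starts TLS (ldapsearch -ZZ makes a failed StartTLS fatal).
    print(ports_by_mode(example))
```
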