[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SSL3 alert write:fatal:unknown CA
Am Freitag, 27. Juni 2003 00:05 schrieben Sie:
> Quanah Gibson-Mount wrote:
> >> Hi Kent,
> >> I looked in your excellent Document OpenLDAP_TLS_howto, also because
> >> Quanah Gibson-Mount mentioned it.
> >>
> >> In Chapter 7 Using TLS you give the following example:
> >>
> >> ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
> >> '(objectclass=*)' -H ldaps://myserver.com -W -ZZ
> >>
> >> I thought TLS was working on port 389 and only SSL was using ldaps://
> >> If that's true the command would be:
> >
> >Pierre, SSL and TLS are essentially the same thing. OpenLDAP does SSL+TLS
> >
> >on port 389. By specifying ldaps://, you request that it make an
>
> encrypted
>
> >call to the OpenLDAP server, via SSL/TLS encryption.
> >
> >--Quanah
>
> On step further ... TLSv1 is basically SSLv3.
> SSL-enabled OpenLDAP servers use port 636 by default, but can use other
> ports if the server is started on those drives.
> TLS can be enabled on any OpenLDAP server port besides SSL ports. 389 is
> the default LDAP server port.
>
> example:
> % slapd -h "ldap:/// ldap://:12345 ldaps:/// ldaps://:999"
>
> gives 2 SSL-enabled ports (636 & 999) and 2 'potential' TLS-enabled ports
> (389 & 12345) if OpenLDAP clients start TLS.
>
> Cheers,
> Kent Soper
>
> "You don't stop playing because you grow old ...
> you grow old because you stop playing."
>
> Linux Technology Center, Linux Security
> phone: 1-512-838-9216
> e-mail: dksoper@us.ibm.com
Thank you for the clarity. These are the kind of infos that are not always
easy to find.
Pierre