
Re: ldapsearch and TLS



D.M.Lewney@sussex.ac.uk (Dave Lewney) writes:

> My guess is that the CN in your certificate is not "okocim". Try this ...
>
> openssl s_client -connect okocim:636 -CAfile <path-to-CA-cert>

It's "okocim.cs.ubc.ca", but passing that to ldapsearch (instead of
"okocim") didn't help. Here's the output of the s_client command
above, with Base64-ish stuff deleted. What does that tell you?

-chris

depth=1 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
verify return:1
depth=0 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
   i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
 1 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
   i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
Server certificate
-----BEGIN CERTIFICATE-----
--stuff deleted---
-----END CERTIFICATE-----
subject=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
issuer=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
No client certificate CA names sent
---
SSL handshake has read 2701 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4B7AD233D1C20B5BBDBDD2C3CBFBB82FDDB075E5948C995B4AFF46826CA29756
    Session-ID-ctx: 
    Master-Key: --stuff deleted--
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1079545967
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---