Re: ldapsearch and TLS
D.M.Lewney@sussex.ac.uk (Dave Lewney) writes:
> My guess is that the CN in your certificate is not "okocim" . Try this ...
>
> openssl s_client -connect okocim:636 -CAfile <path-to-CA-cert>

It's "okocim.cs.ubc.ca", but passing that to ldapsearch (instead of
"okocim") didn't help. Here's the output of the s_client command
above, with Base64-ish stuff deleted. What does that tell you?

-chris

depth=1 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
verify return:1
depth=0 /C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
1 s:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
i:/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
Server certificate
-----BEGIN CERTIFICATE-----
--stuff deleted---
-----END CERTIFICATE-----
subject=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
issuer=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
---
No client certificate CA names sent
---
SSL handshake has read 2701 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 4B7AD233D1C20B5BBDBDD2C3CBFBB82FDDB075E5948C995B4AFF46826CA29756
Session-ID-ctx:
Master-Key: --stuff deleted--
Key-Arg : None
Krb5 Principal: None
Start Time: 1079545967
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
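
One way to read the transcript above against the CN guess quoted at the top, as an added example that is not part of the original message: it pulls the leaf CN and the verify code out of the output and checks each name a client might have been given. `parse_transcript`, `cn_matches` and `diagnose` are names made up for this sketch; it also accepts the newer `CN = ...` DN layout, which goes beyond the output shown, and it compares against the CN only because no subjectAltName appears in this transcript.

```python
import re

# Lines copied from the s_client transcript in the post (DNs kept verbatim).
TRANSCRIPT = """\
subject=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=okocim.cs.ubc.ca/emailAddress=majewski@cs.ubc.ca
issuer=/C=CA/ST=British Columbia/L=Vancouver/O=University of British Columbia/OU=Department of Computer Science/CN=UBC Computer Science Certificate Authority/emailAddress=webmaster@cs.ubc.ca
Verify return code: 0 (ok)
"""

# Matches CN in the old "/C=../CN=.." form and the newer "C = .., CN = .." form.
_CN = re.compile(r"(?:^|[/,])\s*CN\s*=\s*([^/,\n]+)")


def _cn_of(text, field):
    """Return the CN from the 'subject=' or 'issuer=' line, or None."""
    line = re.search(rf"^\s*{field}=(.*)$", text, re.MULTILINE)
    cn = _CN.search(line.group(1)) if line else None
    return cn.group(1).strip() if cn else None


def parse_transcript(text):
    """Extract the fields that matter for diagnosing a TLS name problem."""
    code = re.search(r"Verify return code:\s*(\d+)", text)
    return {
        "subject_cn": _cn_of(text, "subject"),
        "issuer_cn": _cn_of(text, "issuer"),
        "verify_code": int(code.group(1)) if code else None,
    }


def cn_matches(hostname, cn):
    """Case-insensitive, label-by-label comparison of a host name and a CN."""
    host = hostname.lower().rstrip(".").split(".")
    pat = cn.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    # A "*" is honoured only as the whole leftmost label.
    return all(p == h or (i == 0 and p == "*")
               for i, (p, h) in enumerate(zip(pat, host)))


def diagnose(text, hostname):
    """Return (chain_ok, name_ok) for the name the LDAP client was given."""
    info = parse_transcript(text)
    # For the command in the post (no hostname-check option), code 0 covers
    # the chain against -CAfile only; the name check is done separately here.
    chain_ok = info["verify_code"] == 0
    name_ok = bool(info["subject_cn"]) and cn_matches(hostname, info["subject_cn"])
    return chain_ok, name_ok


if __name__ == "__main__":
    for name in ("okocim", "okocim.cs.ubc.ca"):
        print(name, diagnose(TRANSCRIPT, name))
```

For this transcript the chain check passes for both names and only the fully qualified name passes the CN comparison, so the certificate itself is consistent with "okocim.cs.ubc.ca" as reported.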