[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: LDAP and SSL
man, 29.11.2004 kl. 20.28 skrev Chasecreek Systemhouse:
> debian:/etc/ssl# openssl s_client -connect localhost:390
> CONNECTED(00000003)
> depth=0 /C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
> -Sx- Jones/OU=Open
> Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
> verify error:num=20:unable to get local issuer certificate
This shows (an) invalid cert(s).
> verify return:1
> depth=0 /C=US/ST=Florida/L=Jacksonville/O=Chasecreek Systemhouse/O=WC
> -Sx- Jones/OU=Open
> Source/CN=debian.insecurity.org/emailAddress=webmaster@insecurity.org
> verify error:num=21:unable to verify the first certificate
> verify return:1
Ditto. Errors 18 and 19 are acceptable for self-signed certs.
Also, the output of the certs is wrong. Your server cert should show
something like:
Certificate chain
0 s:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Beheer/CN=localhost/emailAddress=postmaster@billy.demon.nl
i:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Beheer/CN=tru/emailAddress=postmaster@billy.demon.nl
1 s:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Beheer/CN=tru/emailAddress=postmaster@billy.demon.nl
i:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Beheer/CN=tru/emailAddress=postmaster@billy.demon.nl
See the "s" lines? CN should reflect the FQDN of your host (instead of
what I have).
--Tonni
--
The bottom line is, that after setting the cart among the pigeons, at the
end of the day I can see the carrot at the end of the tunnel
mail: tonye@billy.demon.nl
http://www.billy.demon.nl
They love us, don't they, They feed us, won't they ...
- Follow-Ups:
- Re: LDAP and SSL
- From: Chasecreek Systemhouse <chasecreek.systemhouse@gmail.com>