[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
CA cert problem
- To: "openldap-software" <openldap-software@OpenLDAP.org>
- Subject: CA cert problem
- From: "Edward De Jongh" <Edwardd@discovery.co.za>
- Date: Fri, 1 Apr 2005 10:43:03 +0200
- Content-class: urn:content-classes:message
- Thread-index: AcU1Y6/MZa55BsVhT7Gy+HxVxElsFABMdZ6g
- Thread-topic: CA cert problem
Hi all I've managed to successfully generate a certificate using
openssl. I've put this as well as the other two files in the correct
places and pointed the slapd.conf correctly. This is on a RedHat ES3
server. I have as per the openldap docs:
http://www.openldap.org/faq/data/cache/185.html
Copied the cacert.pem to my windows client and when trying to connect
the ldap server returns:
daemon: new connection on 10
ldap_pvt_gethostbyname_a: host=dltinf01.discovery.co.za, r=0
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 80 62 01 03 01 00 39 00 00 00 20 .b....9...
tls_read: want=89, got=89
0000: 00 00 04 01 00 80 00 00 05 00 00 2f 00 00 33 00
.........../..3.
0010: 00 32 00 00 0a 07 00 c0 00 00 16 00 00 13 00 00
.2..............
0020: 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 80
...@............
0030: 00 00 08 00 00 14 00 00 11 42 4d 08 ec 17 df 4a
.........BM....J
0040: d4 72 47 d2 78 c4 bc 94 6f 03 42 6e 41 e3 e1 f4
.rG.x...o.BnA...
0050: ae 4f eb d9 35 09 f6 d0 14 .O..5....
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
tls_write: want=1271, written=1271
0000: 16 03 01 00 4a 02 00 00 46 03 01 42 4d 0c f1 4e
....J...F..BM..N
0010: 55 dd 58 ff 68 17 87 ae 0c 6d 65 5f 8c 19 3d 9d
U.X.h....me_..=.
0020: b5 36 fc b7 eb d1 96 1d 75 88 7d 20 ca c2 dc a6 .6......u.}
....
0030: a5 2e 52 c8 d9 c5 93 23 d8 cd 46 e9 e1 ec e1 5b
..R....#..F....[
0040: fa 3d 32 31 05 38 2c 0c bf fa 29 e7 00 04 00 16
.=21.8,...).....
0050: 03 01 03 ee 0b 00 03 ea 00 03 e7 00 03 e4 30 82
..............0.
0060: 03 e0 30 82 03 49 a0 03 02 01 02 02 01 01 30 0d
..0..I........0.
0070: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 9e
..*.H........0..
0080: 31 0b 30 09 06 03 55 04 06 13 02 5a 41 31 10 30
1.0...U....ZA1.0
0090: 0e 06 03 55 04 08 13 07 47 61 75 74 65 6e 67 31
...U....Gauteng1
00a0: 15 30 13 06 03 55 04 07 13 0c 4a 6f 68 61 6e 6e
.0...U....Johann
00b0: 65 73 62 75 72 67 31 12 30 10 06 03 55 04 0a 13
esburg1.0...U...
00c0: 09 44 69 73 63 6f 76 65 72 79 31 17 30 15 06 03
.Discovery1.0...
00d0: 55 04 0b 13 0e 44 69 73 63 6f 76 65 72 79 20 4c
U....Discovery L
00e0: 69 66 65 31 11 30 0f 06 03 55 04 03 13 08 64 6c
ife1.0...U....dl
00f0: 74 69 6e 66 30 31 31 26 30 24 06 09 2a 86 48 86
tinf011&0$..*.H.
0100: f7 0d 01 09 01 16 17 65 64 77 61 72 64 64 40 64
.......edwardd@d
0110: 69 73 63 6f 76 65 72 79 2e 63 6f 2e 7a 61 30 1e
iscovery.co.za0.
0120: 17 0d 30 35 30 34 30 31 30 38 31 36 32 37 5a 17
..050401081627Z.
0130: 0d 30 36 30 34 30 31 30 38 31 36 32 37 5a 30 81
.060401081627Z0.
0140: 9e 31 0b 30 09 06 03 55 04 06 13 02 5a 41 31 10
.1.0...U....ZA1.
0150: 30 0e 06 03 55 04 08 13 07 47 61 75 74 65 6e 67
0...U....Gauteng
0160: 31 15 30 13 06 03 55 04 07 13 0c 4a 6f 68 61 6e
1.0...U....Johan
0170: 6e 65 73 62 75 72 67 31 12 30 10 06 03 55 04 0a
nesburg1.0...U..
0180: 13 09 44 69 73 63 6f 76 65 72 79 31 17 30 15 06
..Discovery1.0..
0190: 03 55 04 0b 13 0e 44 69 73 63 6f 76 65 72 79 20
.U....Discovery
01a0: 4c 69 66 65 31 11 30 0f 06 03 55 04 03 13 08 64
Life1.0...U....d
01b0: 6c 74 69 6e 66 30 31 31 26 30 24 06 09 2a 86 48
ltinf011&0$..*.H
01c0: 86 f7 0d 01 09 01 16 17 65 64 77 61 72 64 64 40
........edwardd@
01d0: 64 69 73 63 6f 76 65 72 79 2e 63 6f 2e 7a 61 30
discovery.co.za0
01e0: 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
..0...*.H.......
01f0: 00 03 81 8d 00 30 81 89 02 81 81 00 e0 08 93 75
.....0.........u
0200: ac 6c cc c7 44 ce c7 7d 5f 72 77 84 23 ab 3e 24
.l..D..}_rw.#.>$
0210: e5 7d 4a e7 56 ac 66 a2 8c 38 e0 12 ef c0 81 0c
.}J.V.f..8......
0220: 0a b8 20 53 78 ee 4d 85 e6 7a 03 08 84 94 12 32 ..
Sx.M..z.....2
0230: 3e 4d 60 29 90 f8 94 db 92 fc 16 9a 0b 39 34 58
>M`).........94X
0240: c3 57 f7 31 2e 25 76 95 ac 1f a3 7a 8b 42 a9 8f
.W.1.%v....z.B..
0250: d2 3c 0b 03 ea a9 a6 0c 12 51 7a 25 df a1 4f 45
.<.......Qz%..OE
0260: f0 7a ea 5c 16 f1 01 5e 92 fb f1 c3 4b 89 5b b8
.z.\...^....K.[.
0270: 17 7c e9 65 16 ba df 61 5d 22 8e d9 02 03 01 00
.|.e...a]"......
0280: 01 a3 82 01 2a 30 82 01 26 30 09 06 03 55 1d 13
....*0..&0...U..
0290: 04 02 30 00 30 2c 06 09 60 86 48 01 86 f8 42 01
..0.0,..`.H...B.
02a0: 0d 04 1f 16 1d 4f 70 65 6e 53 53 4c 20 47 65 6e .....OpenSSL
Gen
02b0: 65 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 erated
Certifica
02c0: 74 65 30 1d 06 03 55 1d 0e 04 16 04 14 a0 b7 f9
te0...U.........
02d0: 44 93 eb de 46 d5 b9 cb 23 6a db 28 04 ec 4d d5
D...F...#j.(..M.
02e0: 19 30 81 cb 06 03 55 1d 23 04 81 c3 30 81 c0 80
.0....U.#...0...
02f0: 14 70 04 ec 05 aa 43 21 fe 95 a9 43 79 7a 9b 8f
.p....C!...Cyz..
0300: ba d7 42 13 a4 a1 81 a4 a4 81 a1 30 81 9e 31 0b
..B........0..1.
0310: 30 09 06 03 55 04 06 13 02 5a 41 31 10 30 0e 06
0...U....ZA1.0..
0320: 03 55 04 08 13 07 47 61 75 74 65 6e 67 31 15 30
.U....Gauteng1.0
0330: 13 06 03 55 04 07 13 0c 4a 6f 68 61 6e 6e 65 73
...U....Johannes
0340: 62 75 72 67 31 12 30 10 06 03 55 04 0a 13 09 44
burg1.0...U....D
0350: 69 73 63 6f 76 65 72 79 31 17 30 15 06 03 55 04
iscovery1.0...U.
0360: 0b 13 0e 44 69 73 63 6f 76 65 72 79 20 4c 69 66 ...Discovery
Lif
0370: 65 31 11 30 0f 06 03 55 04 03 13 08 64 6c 74 69
e1.0...U....dlti
0380: 6e 66 30 31 31 26 30 24 06 09 2a 86 48 86 f7 0d
nf011&0$..*.H...
0390: 01 09 01 16 17 65 64 77 61 72 64 64 40 64 69 73
.....edwardd@dis
03a0: 63 6f 76 65 72 79 2e 63 6f 2e 7a 61 82 01 00 30
covery.co.za...0
03b0: 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81
...*.H..........
03c0: 81 00 ae e5 15 bf 43 8c 19 ce 1c ed 28 71 73 55
......C.....(qsU
03d0: 36 49 7e b3 0a 6c 08 d2 23 83 de a6 27 c4 da f1
6I~..l..#...'...
03e0: 6f c2 b1 f9 07 8d 56 db cc fd 06 24 f7 52 ea 21
o.....V....$.R.!
03f0: bb 33 0e 8a e4 b4 26 fc 74 10 71 14 ca 0d 56 95
.3....&.t.q...V.
0400: 6b 58 cd f5 7b 0d 36 0e 2b 7c 39 29 47 6a b9 19
kX..{.6.+|9)Gj..
0410: 23 10 9c 8c 4d ba 50 40 8f fb 25 d5 cc e0 72 86
#...M.P@..%...r.
0420: 2c 4d 7f d4 ea 75 0d be 87 6e c0 36 55 f4 04 bb
,M...u...n.6U...
0430: 19 2b 2f b0 f0 f2 85 a5 71 ef 96 64 5e 84 4e 7a
.+/.....q..d^.Nz
0440: fb a5 16 03 01 00 b0 0d 00 00 a8 02 01 02 00 a3
................
0450: 00 a1 30 81 9e 31 0b 30 09 06 03 55 04 06 13 02
..0..1.0...U....
0460: 5a 41 31 10 30 0e 06 03 55 04 08 13 07 47 61 75
ZA1.0...U....Gau
0470: 74 65 6e 67 31 15 30 13 06 03 55 04 07 13 0c 4a
teng1.0...U....J
0480: 6f 68 61 6e 6e 65 73 62 75 72 67 31 12 30 10 06
ohannesburg1.0..
0490: 03 55 04 0a 13 09 44 69 73 63 6f 76 65 72 79 31
.U....Discovery1
04a0: 17 30 15 06 03 55 04 0b 13 0e 44 69 73 63 6f 76
.0...U....Discov
04b0: 65 72 79 20 4c 69 66 65 31 11 30 0f 06 03 55 04 ery
Life1.0...U.
04c0: 03 13 08 64 6c 74 69 6e 66 30 31 31 26 30 24 06
...dltinf011&0$.
04d0: 09 2a 86 48 86 f7 0d 01 09 01 16 17 65 64 77 61
.*.H........edwa
04e0: 72 64 64 40 64 69 73 63 6f 76 65 72 79 2e 63 6f
rdd@discovery.co
04f0: 2e 7a 61 0e 00 00 00 .za....
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 2e ..
TLS trace: SSL3 alert read:fatal:certificate unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown s3_pkt.c:1052
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
This process was working fine in my previous DEV implementation. Now it
is not working from JXplorer or my custom JAVA SSL client. Any pointers
would be greatly appreciated.
Tuesday Lobsang Rampa