
CA cert problem



Hi all, I've managed to successfully generate a certificate using
openssl. I've put this as well as the other two files in the correct
places and pointed the slapd.conf correctly. This is on a RedHat ES3
server. As per the OpenLDAP docs
(http://www.openldap.org/faq/data/cache/185.html), I have
copied the cacert.pem to my Windows client, and when trying to connect
the LDAP server returns:

daemon: new connection on 10
ldap_pvt_gethostbyname_a: host=dltinf01.discovery.co.za, r=0
daemon: added 10r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  80 62 01 03 01 00 39 00  00 00 20                  .b....9...
tls_read: want=89, got=89
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
tls_write: want=1271, written=1271
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 2e                                              ..
TLS trace: SSL3 alert read:fatal:certificate unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown s3_pkt.c:1052
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
daemon: removing 10
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL


This process was working fine in my previous DEV implementation. Now it
is not working from JXplorer or my custom Java SSL client. Any pointers
would be greatly appreciated.

Tuesday Lobsang Rampa
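
The last bytes in the trace, `15 03 01 00 02` followed by `02 2e`, are a TLS alert record that slapd read from the socket, so the alert came from the connecting client. The following is an added example, not part of the original post (the function names are assumptions made here): it rebuilds the byte streams from slapd's `tls_read`/`tls_write` dump lines and decodes any unencrypted alert records, including traces that begin with an SSLv2-compatible ClientHello as this one does.

```python
import re

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
LEVELS = {1: "warning", 2: "fatal"}
IO_LINE = re.compile(r"^tls_(read|write): want=\d+, (?:got|written)=(\d+)")
HEX_LINE = re.compile(r"^\s*[0-9a-f]{4}:\s+((?:[0-9a-f]{2}(?: {1,2}|$))+)", re.I)
# The alert record as logged in the trace above (slapd read it from the client).
SAMPLE = """\
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 2e                                              ..
"""

def byte_streams(log_text):
    """Rebuild the bytes slapd read and wrote from its hex dump lines."""
    streams, direction, remaining = {"read": b"", "write": b""}, None, 0
    for line in log_text.splitlines():
        io, dump = IO_LINE.match(line), HEX_LINE.match(line)
        if io:
            direction, remaining = io.group(1), int(io.group(2))
        elif dump and remaining > 0:
            chunk = bytes.fromhex(dump.group(1))[:remaining]
            streams[direction] += chunk
            remaining -= len(chunk)
    return streams

def alerts(log_text):
    """Return (sender, level, description) for each plaintext alert record."""
    found = []
    for direction, data in byte_streams(log_text).items():
        sender = "client" if direction == "read" else "server"  # slapd's view
        pos = 0
        if len(data) >= 2 and data[0] & 0x80:  # SSLv2-compatible ClientHello
            pos = 2 + (((data[0] & 0x7F) << 8) | data[1])
        while pos + 5 <= len(data):
            rtype, length = data[pos], int.from_bytes(data[pos + 3:pos + 5], "big")
            body = data[pos + 5:pos + 5 + length]
            # Type 21 is alert; a 2-byte body means it was sent unencrypted.
            if rtype == 21 and len(body) == 2:
                found.append((sender, LEVELS.get(body[0], body[0]),
                              ALERTS.get(body[1], body[1])))
            pos += 5 + length
    return found

if __name__ == "__main__":
    print(alerts(SAMPLE))
```

A fatal `certificate_unknown` alert sent by the client means the client's own validation rejected the certificate slapd presented, so the place to look is the client side (for example its trust store), not slapd's handling of a client certificate.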