Re: Problem with my certificate
Hi,
I have resolved my problem: I now use the openssl 0.9.7i version.
It was probably a problem with the openssl 0.9.8 version.
thx
>>> "Eudes LEDUCQ" <LEDUCQ@hec.fr> 10/27 6:02 >>>
Hi,
Does no one have an idea?
thx
>>> "Eudes LEDUCQ" <LEDUCQ@hec.fr> 10/26 8:37 >>>
Hi,
I simply created my certificate like this:
/usr/local/ssl/bin/openssl req -newkey rsa:1024 -x509 -nodes -out annuaire.fr.pem -keyout annuaire.fr.pem -days 365
I put it in a directory:
cp annuaire.fr.pem /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
Then I tested with openssl:
/usr/local/ssl/bin/openssl s_client -connect myipserver:636 -showcerts
It seems to be good (no warning or error),
and when I do an ldapsearch like this:
/usr/local/openLdap2.2.28/bin/ldapsearch -b dc=test,dc=fr -s sub -x -w password -D cn=Manager,dc=test,dc=fr
I get this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac s3_pkt.c:424
connection_read(9): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=9 for close
connection_close: conn=1 sd=9
my ldap.conf:
.....
TLS_CACERT /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLS_REQCERT allow
tls_ciphers HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
.....
my slapd.conf
....
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3
TLSCertificateFile /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCertificateKeyFile /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
TLSCACertificateFile /usr/local/openLdap2.2.28/certificats/annuaire.fr.pem
What I don't understand is that I'm able to make an SSL connection
with my Java code without a problem!
Is something wrong in my config?
thx