
Re: LDAP clients fail to connect with SSL enabled



> Does an ldapsearch -d -1 -ZZ successfully connect?

> If so, then that should rule out a problem with your slapd configuration
> and ldap client library configuration (the options within your ldap.conf
> used by the OpenLDAP client library). In that case, you might focus on your
> ldap nss configuration.

Hi Dan,

 Thanks for your input! I just noticed this interesting tidbit in the
output of that command.

TLS: hostname (ldap.summitnjhome.com) does not match common name in
certificate (bsd2.summitnjhome.com).
ldap_perror
ldap_start_tls: Connect error (-11)
	additional info: TLS: hostname does not match CN in peer certificate


Which is interesting because I caught that earlier, and generated a
new CSR and downloaded the cert once more. When I regenerated the CSR
I made sure to copy-paste the output into the common name field of the
generation process.

I'm enclosing the full output of that command as an attachment but I
think my next step is to call GoDaddy... heh :)

On Sun, Nov 21, 2010 at 6:16 PM, Dan White <dwhite@olp.net> wrote:
> On 21/11/10 17:24 -0500, bluethundr wrote:
>>
>> I am attempting to set up SSL/TLS support on my OpenLDAP 2.4 server on
>> FreeBSD.
>>
>> LBSD2# pkg_info | grep openldap
>> openldap-sasl-client-2.4.23 Open source LDAP client implementation
>> with SASL2 support
>> openldap-sasl-server-2.4.23 Open source LDAP server implementation
>
>
>> LBSD2# cat slapd.conf | grep -i tls
>> ## TLS options for slapd
>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>> TLSCertificateFile
>>  /usr/local/etc/openldap/cacerts/bsd2.summitnjhome.com.crt
>> TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem
>> TLSCACertificateFile  /usr/local/etc/openldap/cacerts/sf_issuing.crt
>
>
>> Connection closed by 127.0.0.1
>>
>> [root@VIRTCENT08:/etc/openldap/cacerts]#getent passwd | grep ldapAccount
>> [same interminable wait as above]
>>
>>
>> This is what my /etc/ldap.conf file looks like on the client:
>>
>> [root@VIRTCENT08:/etc/openldap/cacerts]#cat /etc/ldap.conf
>> base dc=summitnjhome,dc=com
>> timelimit 120
>> bind_timelimit 120
>> idle_timelimit 3600
>> uri ldap://ldap.summitnjhome.com/
>> ssl start_tls
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password crypt
>
> <commented out lines removed>
>
> Does an ldapsearch -d -1 -ZZ successfully connect?
>
> If so, then that should rule out a problem with your slapd configuration
> and ldap client library configuration (the options within your ldap.conf
> used by the OpenLDAP client library). In that case, you might focus on your
> ldap nss configuration.
>
> --
> Dan White
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
[root@VIRTCENT08:~]#ldapsearch -h ldap.summitnjhome.com -d -1 -ZZ "dc=summitnjhome,dc=com"
ldap_create
ldap_url_parse_ext(ldap://ldap.summitnjhome.com)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.summitnjhome.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.44:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x9043260 ptr=0x9043260 end=0x904327f len=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ber_scanf fmt ({) ber:
ber_dump: buf=0x9043260 ptr=0x9043265 end=0x904327f len=26
  0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.  
  0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037        
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1  
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037   
ldap_result ld 0x903a530 msgid 1
wait4msg ld 0x903a530 msgid 1 (infinite timeout)
wait4msg continue ld 0x903a530 msgid 1 all 1
** ld 0x903a530 Connections:
* host: ldap.summitnjhome.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Nov 21 18:39:49 2010

** ld 0x903a530 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 0x903a530 Response Queue:
   Empty
ldap_chkResponseList ld 0x903a530 msgid 1 all 1
ldap_chkResponseList returns ld 0x903a530 NULL
ldap_int_select
read1msg: ld 0x903a530 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 78 07 0a                            0....x..          
ldap_read: want=6, got=6
  0000:  01 00 04 00 04 00                                  ......            
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x9044680 ptr=0x9044680 end=0x904468c len=12
  0000:  02 01 01 78 07 0a 01 00  04 00 04 00               ...x........      
read1msg: ld 0x903a530 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
read1msg: ld 0x903a530 0 new referrals
read1msg:  mark request completed, ld 0x903a530 msgid 1
request done: ld 0x903a530 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x9044680 ptr=0x9044683 end=0x904468c len=9
  0000:  78 07 0a 01 00 04 00 04  00                        x........         
ber_scanf fmt (}) ber:
ber_dump: buf=0x9044680 ptr=0x904468c end=0x904468c len=0

ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
tls_write: want=121, written=121
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
  0000:  16 03 01 00 4a 02 00                               ....J..           
tls_read: want=72, got=72
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
  0000:  16 03 01 05 87                                     .....             
tls_read: want=1415, got=1364
tls_read: want=51, got=51
TLS certificate verification: depth: 2, err: 0, subject: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority, issuer: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287, issuer: /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
TLS certificate verification: depth: 0, err: 0, subject: /O=bsd2.summitnjhome.com/OU=Domain Control Validated/CN=bsd2.summitnjhome.com, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
TLS trace: SSL_connect:SSLv3 read server certificate A
tls_read: want=5, got=5
  0000:  16 03 01 00 04                                     .....             
tls_read: want=4, got=4
  0000:  0e 00 00 00                                        ....              
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
tls_write: want=326, written=326
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=5
  0000:  14 03 01 00 01                                     .....             
tls_read: want=1, got=1
  0000:  01                                                 .                 
tls_read: want=5, got=5
  0000:  16 03 01 00 30                                     ....0             
tls_read: want=48, got=48
  0000:  54 f4 4a 5f ef ba db f9  2f b4 19 da fe 2c a7 7b   T.J_..../....,.{  
  0010:  5f e6 b2 fd 39 48 61 57  b9 b7 b0 0b 42 6a 32 60   _...9HaW....Bj2`  
  0020:  eb 4e f2 da 7a a3 8e a1  85 6f 77 28 bc 94 a4 3e   .N..z....ow(...>  
TLS trace: SSL_connect:SSLv3 read finished A
TLS: hostname (ldap.summitnjhome.com) does not match common name in certificate (bsd2.summitnjhome.com).
ldap_perror
ldap_start_tls: Connect error (-11)
	additional info: TLS: hostname does not match CN in peer certificate
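
The mismatch reported at the end of this trace can be checked before touching slapd: compare the host in the client's `uri` line with the names in the depth-0 certificate. The following is an added example, not part of the original message and not OpenLDAP's own code; the function names, the simplified wildcard rule, the optional `san_dns` argument and the placeholder issuer strings are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed input: the relevant client ldap.conf lines and the depth-0
# verification line from the trace (issuer shortened to a placeholder).
LDAP_CONF = """\
base dc=summitnjhome,dc=com
uri ldap://ldap.summitnjhome.com/
ssl start_tls
"""
TRACE = (
    "TLS certificate verification: depth: 1, err: 0, "
    "subject: /C=US/CN=Placeholder Issuing CA, issuer: /C=US/CN=Placeholder Root\n"
    "TLS certificate verification: depth: 0, err: 0, "
    "subject: /O=bsd2.summitnjhome.com/OU=Domain Control Validated"
    "/CN=bsd2.summitnjhome.com, issuer: /C=US/CN=Placeholder Issuing CA\n"
)

def uri_hosts(conf_text):
    """Host names from every 'uri' directive in an ldap.conf."""
    hosts = []
    for line in conf_text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "uri":
            hosts += [urlparse(u).hostname for u in parts[1:]]
    return hosts

def leaf_cn(trace_text):
    """CN of the depth-0 (server) certificate in an ldapsearch -d -1 trace."""
    m = re.search(r"depth: 0, err: \d+, subject: (.*?), issuer:", trace_text)
    cn = re.search(r"/CN=([^/]+)", m.group(1)) if m else None
    return cn.group(1) if cn else None

def name_matches(pattern, host):
    """Case-insensitive label compare; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse '*.com'-style patterns
        return p[1:] == h[1:]
    return p == h

def check(conf_text, trace_text, san_dns=()):
    """Map each configured host to whether the certificate names cover it."""
    names = [n for n in (*san_dns, leaf_cn(trace_text)) if n]
    return {h: any(name_matches(n, h) for n in names)
            for h in uri_hosts(conf_text)}

if __name__ == "__main__":
    for host, ok in check(LDAP_CONF, TRACE).items():
        print(f"{host}: {'covered' if ok else 'NOT covered'} by certificate")
```

A False result means either the client `uri` has to use a name the certificate carries, or the certificate has to be reissued for the name clients actually connect to.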