[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: fedora and openldap
here it is, thanks!
# certutil -d /etc/openldap/cacerts/ -L "name cert"
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
name cert CTu,u,u
# certutil -V -u V -d /etc/openldap/cacerts/ -n "name cert"
certutil: certificate is valid
please post the output of
certutil -L -d /etc/openldap/cacerts -n "name cert"
# certutil -L -d /etc/openldap/cacerts -n "server cert"
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
00:af:0e:09:e3:b5:c0:13:3f
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "E=jflo@imppc.org,CN=server.fdqn,OU=linux,O=company,L=Ba
dalona,ST=Barcelona,C=ES"
Validity:
Not Before: Tue Apr 12 15:44:55 2011
Not After : Mon Jan 06 15:44:55 2014
Subject: "E=jflo@imppc.org,CN=server.fdqn,OU=linux,O=company,L=B
adalona,ST=Barcelona,C=ES"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
b8:53:e1:82:9d:af:b9:0c:33:95:a6:5f:b2:bc:9b:5c:
38:e9:f9:8a:64:48:fd:61:ee:93:65:f1:d0:61:9e:c7:
0f:b6:c5:9a:77:36:5a:c1:b9:cb:2e:bf:21:a8:bd:81:
68:98:fa:60:77:8a:9b:9b:73:24:2a:9b:9b:c4:53:0c:
cb:44:83:d4:bd:2c:8c:19:7c:e4:c8:24:e4:bf:e7:ff:
b6:1f:fe:71:eb:00:d7:c4:22:1a:f3:9a:30:5c:85:90:
08:05:c0:7d:a3:73:7c:6e:3f:60:73:ad:84:bf:82:c7:
fe:b9:20:66:2a:44:88:38:20:e6:50:70:cd:5f:a9:5f:
75:59:30:3d:c4:83:06:11:12:b3:1e:dc:5c:a9:75:f0:
b8:45:17:99:c9:c8:0e:94:19:a2:e4:bb:da:15:6d:77:
99:3a:f2:77:74:09:c1:6b:ef:5d:68:51:91:90:45:13:
12:51:88:11:7a:51:3d:7d:fa:1f:f4:d7:be:2e:68:9f:
d7:5b:d8:ee:eb:5d:b2:1a:34:3e:2f:1d:26:89:03:46:
fd:b7:70:c0:b5:30:81:77:c6:12:42:8d:d9:b1:86:b1:
eb:cd:ac:88:15:8a:c2:c5:99:a2:1d:c0:59:6b:49:81:
9f:7e:06:bc:b2:64:a5:ad:08:c8:8c:79:a7:7a:df:87
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Subject Key ID
Data:
c4:a3:f8:6c:51:45:55:07:46:19:c5:f1:ed:12:42:c5:
58:93:df:e3
Name: Certificate Authority Key Identifier
Key ID:
c4:a3:f8:6c:51:45:55:07:46:19:c5:f1:ed:12:42:c5:
58:93:df:e3
Name: Certificate Basic Constraints
Data: Is a CA with no maximum path length.
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
1d:12:4c:2a:2b:0d:8d:a3:ae:b6:88:7f:84:e8:50:d6:
b4:92:d0:50:ea:85:9a:d8:b5:5f:c1:02:ff:16:00:e7:
ca:bd:2c:00:a6:a1:61:d1:3f:ff:06:34:e4:0a:31:49:
05:b4:f6:fd:2a:40:84:8a:72:f7:cc:f7:ee:23:5f:b8:
35:18:32:25:e2:6a:3b:51:e2:08:7e:37:1b:99:4d:12:
bc:9d:b0:fd:89:41:9e:33:31:17:e8:cf:bb:c4:f3:f2:
5a:c9:88:f4:cb:cb:79:70:af:7d:6e:0e:59:ca:cc:7f:
a6:4e:7d:2c:b1:04:a7:90:1a:08:7d:74:4d:5c:6b:71:
13:ec:e7:54:e0:b8:16:2f:19:e7:d6:bf:27:30:3e:30:
15:56:ed:08:76:cb:b5:22:78:fb:96:62:22:da:d8:67:
ad:69:92:83:56:89:39:09:f0:a1:da:cd:70:aa:c1:f3:
9a:9c:6a:d8:a3:72:13:2f:a2:6d:18:5f:9e:e5:82:e9:
8a:57:1b:8f:d9:f7:6c:78:3a:3f:92:61:15:1c:df:4e:
ae:d9:9e:62:29:00:cf:71:31:70:18:1b:05:24:4b:cf:
9f:62:30:1d:38:9a:e6:a9:e5:0a:f3:fb:8e:5a:fc:20:
a5:81:c9:b7:0c:a3:8c:a2:e5:31:e2:43:03:ca:a8:ba
Fingerprint (MD5):
93:AB:C5:56:6F:59:06:1A:49:8D:A4:71:40:25:D1:7E
Fingerprint (SHA1):
34:45:77:64:9F:4F:7B:90:27:23:CC:B8:0A:97:E2:BF:95:01:B6:3B
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
User
Trusted Client CA
Email Flags:
User
Object Signing Flags:
User
Also post the output of
openssl x509 -in /path/to/the/server-cert.pem -text
# # openssl x509 -in /etc/openldap/cacerts/curri3-cert.pem -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ES, ST=Barcelona, L=Badalona, O=company, OU=linux,
CN=server.fdqn/emailAddress=jflo@imppc.org
Validity
Not Before: Apr 12 15:55:56 2011 GMT
Not After : Jan 6 15:55:56 2014 GMT
Subject: C=ES, ST=Barcelona, L=Badalona, O=company, OU=linux,
CN=client.fdqn/emailAddress=jflo@imppc.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cc:d8:b1:b4:fa:48:96:d8:60:8a:40:91:48:1b:
f8:27:8c:f0:d8:d7:6e:73:7a:6d:15:fa:75:11:24:
d4:a1:b7:7f:10:7e:cf:76:93:31:02:46:07:74:ab:
28:5b:6a:5b:87:d9:27:73:2a:9c:21:25:c9:79:df:
40:47:15:53:c9:b3:db:f4:b4:b6:38:34:c5:5c:f1:
97:7b:a4:ff:19:7d:aa:4c:f0:7e:18:0b:be:57:c6:
17:b5:0b:84:f6:4e:6e:98:8d:7e:39:20:b9:f7:b5:
2a:03:66:d7:06:25:9f:19:a6:fe:12:86:24:b6:21:
25:62:90:88:ea:8b:62:db:e7:41:15:93:36:01:e4:
09:f7:08:ea:6e:32:e2:68:79:ec:0d:ff:d0:9e:7c:
b1:b3:da:13:3a:c0:58:dc:6a:f2:28:d2:ca:cf:44:
e6:af:71:0a:57:e7:eb:39:3a:ea:70:cb:ed:86:6d:
06:c9:d7:78:ab:63:5f:3a:89:67:bc:39:ed:e8:f7:
43:6a:5e:92:78:c1:00:e3:2b:0c:7f:cb:3c:5c:b9:
07:ae:31:9b:ef:b2:eb:5c:70:63:f8:5c:22:6b:ed:
bc:69:e5:6b:19:18:51:f2:73:72:4c:9e:47:f1:f2:
d7:38:3b:52:18:81:ef:c9:72:50:83:08:38:38:6b:
ce:73
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
83:ed:11:d4:08:2a:f6:10:41:c9:01:30:b1:60:2d:ed:1f:12:
80:b9:b4:d3:98:f9:a4:ea:42:ac:89:b2:db:a1:98:77:54:82:
86:17:fa:06:db:9d:db:41:f2:24:cf:b8:08:67:de:b5:d1:c2:
7d:94:06:ef:74:57:9d:7a:f8:a8:62:d2:4d:71:11:e6:07:bd:
b1:18:fa:c4:d7:3b:a6:57:42:fc:65:a5:27:e4:64:51:66:83:
22:33:4f:6b:ee:b3:8d:9f:29:a4:af:e9:5e:e8:91:79:d6:bd:
8f:4d:b6:d6:74:ea:96:c4:75:ea:3c:c5:71:9b:28:4d:00:93:
2d:02:38:03:d4:84:f2:af:73:d3:fd:f7:31:2f:33:2b:d3:ac:
47:68:9d:48:2f:5d:a0:6d:6d:8a:73:c7:c9:3e:4d:ad:5f:ef:
07:39:20:1e:1f:46:f7:7c:4b:e1:5e:7d:3d:4d:a2:7f:6e:f0:
c4:c2:8d:90:5d:cf:77:52:a7:33:f4:e8:97:c8:da:1b:73:ea:
c9:50:2c:ed:6d:2f:db:1d:02:f3:0d:a8:d0:df:d1:3e:8f:15:
db:53:4d:4d:85:5f:a4:c8:80:68:b7:ed:d2:f2:07:a0:e4:12:
d1:95:36:8b:81:53:d3:82:9d:46:d6:6e:77:6b:6e:bb:6f:62:
d0:ba:28:32
-----BEGIN CERTIFICATE-----
MIIDljCCAn4CAQEwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkVTMRIwEAYD
VQQIDAlCYXJjZWxvbmExETAPBgNVBAcMCEJhZGFsb25hMQ4wDAYDVQQKDAVJTVBQ
QzEOMAwGA1UECwwFbGludXgxGzAZBgNVBAMMEmN1cnJpMC5pbXBwYy5sb2NhbDEd
MBsGCSqGSIb3DQEJARYOamZsb0BpbXBwYy5vcmcwHhcNMTEwNDEyMTU1NTU2WhcN
MTQwMTA2MTU1NTU2WjCBkDELMAkGA1UEBhMCRVMxEjAQBgNVBAgMCUJhcmNlbG9u
YTERMA8GA1UEBwwIQmFkYWxvbmExDjAMBgNVBAoMBUlNUFBDMQ4wDAYDVQQLDAVs
aW51eDEbMBkGA1UEAwwSY3VycmkzLmltcHBjLmxvY2FsMR0wGwYJKoZIhvcNAQkB
Fg5qZmxvQGltcHBjLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMzYsbT6SJbYYIpAkUgb+CeM8NjXbnN6bRX6dREk1KG3fxB+z3aTMQJGB3SrKFtq
W4fZJ3MqnCElyXnfQEcVU8mz2/S0tjg0xVzxl3uk/xl9qkzwfhgLvlfGF7ULhPZO
bpiNfjkgufe1KgNm1wYlnxmm/hKGJLYhJWKQiOqLYtvnQRWTNgHkCfcI6m4y4mh5
7A3/0J58sbPaEzrAWNxq8ijSys9E5q9xClfn6zk66nDL7YZtBsnXeKtjXzqJZ7w5
7ej3Q2peknjBAOMrDH/LPFy5B64xm++y61xwY/hcImvtvGnlaxkYUfJzckyeR/Hy
1zg7UhiB78lyUIMIODhrznMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAg+0R1Agq
9hBByQEwsWAt7R8SgLm005j5pOpCrImy26GYd1SChhf6Btud20HyJM+4CGfetdHC
fZQG73RXnXr4qGLSTXER5ge9sRj6xNc7pldC/GWlJ+RkUWaDIjNPa+6zjZ8ppK/p
XuiReda9j0221nTqlsR16jzFcZsoTQCTLQI4A9SE8q9z0/33MS8zK9OsR2idSC9d
oG1tinPHyT5NrV/vBzkgHh9G93xL4V59PU2if27wxMKNkF3Pd1KnM/Tol8jaG3Pq
yVAs7W0v2x0C8w2o0N/RPo8V21NNTYVfpMiAaLft0vIHoOQS0ZU2i4FT04KdRtZu
d2tuu29i0LooMg==
-----END CERTIFICATE-----
The server just complains about the tls communication:
(TLS negotiation failure)
Do you think it is necessary to recompile the server so that the tls
is done by moznss in both sides...
No. That is not the problem.
Thanks for your help,
j
--
Judith Flo Gaya
Systems Administrator IMPPC
e-mail: jflo@imppc.org
Tel (+34) 93 554-3079
Fax (+34) 93 465-1472
Institut de Medicina Predictiva i Personalitzada del CÃncer
Crta Can Ruti, Camà de les Escoles s/n
08916 Badalona, Barcelona,
Spain
http://www.imppc.org