--- "Tay, Gary" <[EMAIL PROTECTED]> wrote:
> Read
> http://www.openldap.org/lists/openldap-software/200503/msg00309.html
>
> Did u use DSA key?
>
> Gary

Thank you for the link. I read it. I am using RSA keys (I generated them by running the command "openssl genrsa") even for the CA's key and for my ldaps server's public key.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi
> Sent: Thursday, March 24, 2005 12:17 AM
> To: François Beretti
> Cc: OpenLDAP Mail List
> Subject: Re: TLS secure connection to an LDAP server
>
> Hello,
>
> > The name of the certificate file has nothing to do,
> > you choose the one you want :-)
>
> OK
>
> > The common name of the certificate is the "cn" field
> > you enter when you create the certificate
> > This name has to be the server's fully qualified
> > domain name
>
> OK, thank you.
> I know that.
>
> > Then, when you test the SSL connection,
> > instead of :
> > openssl s_client -connect localhost:636 -showcerts -state -CAfile /path/to/ca.pem
> >
> > run this :
> >
> > openssl s_client -connect ldap.domain.com:636 -showcerts -state -CAfile /path/to/ca.pem
>
> I tested the SSL connection using the command above. As I told, it did not succeed. :)
> It displayed the following:
> [EMAIL PROTECTED] root]# openssl s_client -connect ldap_srv_name.domain.com:636 -showcerts -state -ssl3 -CAfile /path/to/ca.pem
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL3 alert read:fatal:handshake failure
> SSL_connect:failed in SSLv3 read server hello A
> 2456:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
> 2456:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
>
> What would you suggest please?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
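
Added example, not part of the original thread: a small Python parser for the `openssl s_client -state` trace quoted above, reporting which side sent the alert, its TLS name, and the handshake step at which the connection stopped. The function name `diagnose` and the result keys are hypothetical; the alert-number table is a subset of the TLS alert registry.

```python
import re

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}

ALERT_RE = re.compile(r"SSL3 alert (read|write):(\w+):(.+)")
NUMBER_RE = re.compile(r"SSL alert number (\d+)")
FAILED = "SSL_connect:failed in "

# Trace as posted in the message above (wrapped error lines re-joined).
TRACE = """\
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read server hello A
2456:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
2456:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
"""


def diagnose(trace):
    """Summarise where an `openssl s_client -state` handshake stopped."""
    r = {"last_ok": None, "failed_in": None, "sender": None,
         "alert": None, "alert_name": None, "cert_seen": False}
    for line in (l.strip() for l in trace.splitlines()):
        m = ALERT_RE.match(line)
        if m:
            # "read" = alert received from the peer, "write" = sent by us
            r["sender"] = "server" if m.group(1) == "read" else "client"
            r["alert"] = (m.group(2), m.group(3))
        elif line.startswith(FAILED):
            r["failed_in"] = line[len(FAILED):]
        elif line.startswith("SSL_connect:"):
            r["last_ok"] = line[len("SSL_connect:"):]
            # The client can only verify the chain once this state appears.
            r["cert_seen"] |= "read server certificate" in r["last_ok"]
    m = NUMBER_RE.search(" ".join(trace.split()))
    if m:
        r["alert_name"] = ALERTS.get(int(m.group(1)), "unknown")
    return r


if __name__ == "__main__":
    for key, value in diagnose(TRACE).items():
        print("%-11s %s" % (key + ":", value))
```

For the posted trace this reports a fatal `handshake_failure` sent by the server right after the ClientHello, before any server certificate was read, so the client-side `-CAfile` and common-name checks had not yet run when the connection was refused.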
