Hi,
I am trying to configure TLS/SSL and I have a cert from GeoTrust. I configured slapd.conf with the following:
# TLS/SSL information
# TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /opt/local/etc/openldap/GeoTrust_Global_CA.cer
TLSCertificateFile /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile /opt/local/etc/openldap/rhea.key.pem
But when I check the cert using "openssl s_client -connect 192.168.60.43:636 -CApath /opt/local/etc/openldap/" I get
CONNECTED(00000003)
140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
I checked the log and I see a TLS connection.
Does the certificate CN match the server name?
Thanks
On Sat, Jun 29, 2013 at 12:31 AM, Darouichi, Aziz <adarouic@post03.curry.edu> wrote:
Hi,
I am trying to configure TLS/SSL and I have a cert from GeoTrust. I configured slapd.conf with the following:
# TLS/SSL information
# TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /opt/local/etc/openldap/GeoTrust_Global_CA.cer
TLSCertificateFile /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile /opt/local/etc/openldap/rhea.key.pem
But when I check the cert using "openssl s_client -connect 192.168.60.43:636 -CApath /opt/local/etc/openldap/" I get
CONNECTED(00000003)
140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
I checked the log and I see a TLS connection.
Try with
openssl s_client -connect 192.168.60.43:636 -CAfile /opt/local/etc/openldap/GeoTrust_Global_CA.cer
By the way, is your CA cert file GeoTrust_Global_CA.cer in PEM format?
Regards
On 28/06/2013 21:01, Darouichi, Aziz wrote:
Hi,
I am trying to configure TLS/SSL and I have a cert from GeoTrust. I configured slapd.conf with the following:
# TLS/SSL information
# TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /opt/local/etc/openldap/GeoTrust_Global_CA.cer
TLSCertificateFile /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile /opt/local/etc/openldap/rhea.key.pem
But when I check the cert using "openssl s_client -connect 192.168.60.43:636 -CApath /opt/local/etc/openldap/" I get
CONNECTED(00000003)
140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 321 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
I checked the log and I see a TLS connection.
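The two checks raised in the replies (does the CN match the server name; is the CA file PEM, and use -CAfile rather than -CApath) can be run as one pre-flight script. This is an added example, not code from the thread or from OpenLDAP; it reuses the file paths and address from the original post and assumes the openssl CLI is installed, the key is RSA, and rhea.curry.edu is the name the certificate is expected to carry.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks on the slapd TLS files
# from the original post, then the s_client probe the reply suggests.
# Assumptions: openssl CLI present, RSA key, rhea.curry.edu is the expected CN.
set -u
CA_FILE=/opt/local/etc/openldap/GeoTrust_Global_CA.cer
CERT_FILE=/opt/local/etc/openldap/rhea.curry.edu.pem.cer
KEY_FILE=/opt/local/etc/openldap/rhea.key.pem
LDAP_HOST=rhea.curry.edu        # assumed: the name the certificate must carry
LDAP_ADDR=192.168.60.43:636

# cert_format FILE: print "pem" when the file has a PEM header, else "der".
# slapd and "s_client -CAfile" both want PEM, so a DER .cer must be converted.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    else
        echo der
    fi
}

# ensure_pem FILE: print the path of a PEM copy, converting from DER if needed.
ensure_pem() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    if [ "$(cert_format "$1")" = pem ]; then
        echo "$1"
    else
        openssl x509 -inform DER -in "$1" -out "$1.pem" && echo "$1.pem"
    fi
}

# key_matches_cert CERT KEY: succeed only if both carry the same RSA modulus;
# otherwise OpenSSL cannot build the TLS context slapd needs for ldaps.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" | openssl md5)
    k=$(openssl rsa -noout -modulus -in "$2" | openssl md5)
    [ "$c" = "$k" ]
}

main() {
    ca_pem=$(ensure_pem "$CA_FILE") || return 1
    key_matches_cert "$CERT_FILE" "$KEY_FILE" || { echo "cert/key mismatch" >&2; return 1; }
    # -CAfile, not -CApath: -CApath wants a c_rehash'ed directory of hash-named
    # links, so a plain directory loads no CA. -servername sends SNI; compare
    # the printed subject= CN with LDAP_HOST to answer the CN question above.
    openssl s_client -connect "$LDAP_ADDR" -servername "$LDAP_HOST" \
        -CAfile "$ca_pem" </dev/null | grep -E 'subject=|Verify return code'
}
case "${1:-}" in run) main ;; esac
```

Save it under any name and invoke it with the single argument `run`; without that argument it only defines the functions, so they can be sourced and used one at a time.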
openldap-technical@openldap.org