On Friday, 18 October 2002 14:22 you wrote:
> Harald Wallus wrote:
> > Dears,
> >
> > I still have a problem with netscape4.79. I just make everything new. (I
> > like to do everything from the base on, but it needs much time).
> >
> > That doesn't work: When I do everything with netscape4.79 I cannot
> > approve and sign:
> > Error 6203
> > General Error. The request is not signed!.
>
> I use 4.78 and have no problems. Did you mix some CAs?
No, on this server there is only one version of openca. I believe that while I
was testing, something got broken.
I made everything new and some things look better now (handling the cert in the
initialization of the CA works now). At the moment I am initializing the RA (while I
write a new step by step, so it takes longer, and because I'm slow).
My problem now is that I cannot connect to ldap, but with ldapsearch it works. I
append the description to this email.
>
> > Is this a problem of my DN? When I create a CA-Cert,
>
> The DN has nothing to do with signing problems.
Is there anywhere a more detailed explanation, for dummy users like me, of the
different syntaxes of DNs? Or do different syntaxes exist for different protocols?
> > If I create a webserver-cert with netscape4.79 or with IE6.0, they
> > have different lengths. Is that OK?
> > -rw-r--r-- 1 root root 1862 Oct 18 10:35 ssl.crt/server.pem_net
> > -rw-r--r-- 1 root root 1879 Oct 18 10:35 ssl.crt/server.pem_ie
>
> Do you mean request? If you mean cert, what do you mean by create? Do you
> mean download? This is perhaps normal because the IE must add CR for old
> Win32-applications. Did you make a diff?
No, I made no diff because both are encrypted. I do not expect to see anything
interesting. The different lengths are eye-catching.
> > If you like, I make a setup for the real internet for you.
>
> This is perhaps a good idea.
I can do it. But first I will complete this test. But today I will close this
work and start again on Monday.
Thank you very much for your assistance.
Harald
--
Dr. Harald Wallus
Results GmbH
Am Listholze 78, D-30177 Hannover
Tel: +49(0)511 90 95 1-23 Fax: +49(0)511 90 95 1-90
Email: [EMAIL PROTECTED]
Internet: http://www.results-hannover.de
PGP-Key fingerprint = ED28 696E EA7B 8B64 ACCF 9674 5831 D584 9B93 D202
I start with ldapsearch (error-logs are tail -f xxxx &, so everything is seen):
ldapsearch -h 192.168.251.210 -x -D "cn=LDAP Manager,dc=results-hannover,dc=de" -w peterpeter \*
# extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: *
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
testserver:/etc/openldap # Oct 18 14:52:41 testserver slapd[24790]: daemon: conn=3 fd=12 connection from IP=192.168.251.210:1094 (IP=0.0.0.0:389) accepted.
Oct 18 14:52:41 testserver slapd[24793]: conn=3 op=0 BIND dn="cn=LDAP Manager,dc=results-hannover,dc=de" method=128
Oct 18 14:52:41 testserver slapd[24793]: conn=3 op=0 RESULT tag=97 err=0 text=
Oct 18 14:52:41 testserver slapd[24792]: conn=3 op=1 SRCH base="dc=results-hannover.de,dc=de" scope=2 filter="(objectClass=*)"
Oct 18 14:52:41 testserver slapd[24792]: conn=3 op=1 RESULT tag=101 err=32 text=
Oct 18 14:52:41 testserver slapd[24794]: conn=3 op=2 UNBIND
Oct 18 14:52:41 testserver slapd[24794]: conn=3 fd=12 closed
Now I start with
RAServer init/Import configuration:
testserver:/etc/openldap # [18/Oct/2002 14:53:22 23860] [info] Connection to child 0 established (server ra.intern.results-hannover.de:443, client 192.168.10.11)
[18/Oct/2002 14:53:22 23860] [info] Seeding PRNG with 1160 bytes of entropy
[18/Oct/2002 14:53:22 23860] [info] Connection: Client IP: 192.168.10.11, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[18/Oct/2002 14:53:22 23860] [info] Initial (No.1) HTTPS request received for child 0 (server ra.intern.results-hannover.de:443)
Oct 18 14:53:49 testserver slapd[24790]: daemon: conn=4 fd=12 connection from IP=192.168.251.210:1095 (IP=0.0.0.0:389) accepted.
Oct 18 14:53:49 testserver slapd[24793]: conn=4 op=0 BIND dn="cn=LDAP Manager,dc=results-hannover,dc=de" method=128
Oct 18 14:53:49 testserver slapd[24793]: conn=4 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
Oct 18 14:53:49 testserver slapd[24790]: conn=4 fd=12 closed
Oct 18 14:53:49 testserver slapd[24790]: daemon: conn=5 fd=12 connection from IP=192.168.251.210:1096 (IP=0.0.0.0:389) accepted.
Oct 18 14:53:49 testserver slapd[24792]: conn=5 op=0 BIND dn="cn=LDAP Manager,dc=results-hannover,dc=de" method=128
Oct 18 14:53:49 testserver slapd[24792]: conn=5 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
Oct 18 14:53:49 testserver slapd[24790]: conn=5 fd=12 closed
[18/Oct/2002:14:53:50 +0200] 192.168.10.11 SSLv3 RC4-MD5 "GET /cgi-bin/online/Admin?cmd=importConfig HTTP/1.0" 1875
[18/Oct/2002 14:53:50 23860] [info] Connection to child 0 closed with standard shutdown (server ra.intern.results-hannover.de:443, client 192.168.10.11)
And the webinterface shows:
Importing the RBAC-configuration ... Ok.
LDAP-support is activated
Automatic LDAP-update is activated
Importing valid CA_CERTIFICATE ...
46d0f836ac9b7e8a0704e1f0d859e5c6.pem updated
Importing CA-Certificates into ldap ... Failed in Bind: 2
Cannot write CA-Certificate 46d0f836ac9b7e8a0704e1f0d859e5c6 to LDAP
Make CA-Certificate available on the server ...OK.
Re-Building CA Chain ... Ok.
Clean up ...Ok.
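
Added example, not part of the original message: a small Python script that pairs each slapd BIND/SRCH line with its RESULT line and reports the operations that failed. The sample log is constructed from the slapd lines above (re-joined to one line each); the names and the two-RDN suffix comparison are assumptions made for this illustration.

```python
import re

# Constructed sample: slapd lines from the log above, one entry per line.
SAMPLE_LOG = """\
Oct 18 14:52:41 testserver slapd[24793]: conn=3 op=0 BIND dn="cn=LDAP Manager,dc=results-hannover,dc=de" method=128
Oct 18 14:52:41 testserver slapd[24793]: conn=3 op=0 RESULT tag=97 err=0 text=
Oct 18 14:52:41 testserver slapd[24792]: conn=3 op=1 SRCH base="dc=results-hannover.de,dc=de" scope=2 filter="(objectClass=*)"
Oct 18 14:52:41 testserver slapd[24792]: conn=3 op=1 RESULT tag=101 err=32 text=
Oct 18 14:53:49 testserver slapd[24793]: conn=4 op=0 BIND dn="cn=LDAP Manager,dc=results-hannover,dc=de" method=128
Oct 18 14:53:49 testserver slapd[24793]: conn=4 op=0 RESULT tag=97 err=2 text=requested protocol version not allowed
"""

# LDAP result codes (RFC 4511) that occur in this log.
RESULT_CODES = {0: "success", 2: "protocolError", 32: "noSuchObject"}

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH) (?:dn|base)="([^"]*)"')
RES_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+) text=(.*)$')

def suffix(dn, depth=2):
    """Last `depth` RDNs of a DN, lower-cased (naive split: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(",")[-depth:])

def failed_operations(log):
    """Pair each BIND/SRCH with its RESULT; return the failures with a hint."""
    pending, bind_dn, failures = {}, {}, []
    for line in log.splitlines():
        if m := OP_RE.search(line):
            conn, op, kind, dn = m.groups()
            pending[(conn, op)] = (kind, dn)
            if kind == "BIND":
                bind_dn[conn] = dn          # remember who bound on this connection
        elif m := RES_RE.search(line):
            conn, op, err, text = m.groups()
            kind, dn = pending.pop((conn, op), ("?", ""))
            if int(err) == 0:
                continue
            hint = text.strip()
            # Assumption: the search base should share the bind DN's last two RDNs.
            if kind == "SRCH" and conn in bind_dn and suffix(dn) != suffix(bind_dn[conn]):
                hint = f"search base suffix differs from bind DN suffix {suffix(bind_dn[conn])!r}"
            failures.append((int(conn), kind, dn, RESULT_CODES.get(int(err), err), hint))
    return failures

if __name__ == "__main__":
    for failure in failed_operations(SAMPLE_LOG):
        print(failure)
```

On the sample it reports the search on conn=3 (noSuchObject, with base dc=results-hannover.de,dc=de against a bind DN ending in dc=results-hannover,dc=de) and the bind on conn=4 (protocolError, the result the web interface shows as "Failed in Bind: 2").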