Re: SSL connection between client and server!

[Bill Södermark]

citerar [EMAIL PROTECTED]:

> Hello all!
> 
> On my Linux machine, I've installed Samba with SSL support, created my own
> CA ( myCA). I noticed that in the samba configuration file, you should give
> paths for CAcert, server cert and client cert. I don't know what's the main
> point here. I have also created client certificates and tried to setup
> connection from client to server. On my machine:
> 
> le01:/usr/local/samba/bin # ./smbclient //le01/tmp
> Enter PEM pass phrase:
> added interface ip=53.141.196.100 bcast=53.141.196.127
> nmask=255.255.255.224
> SSL: Certificate OK: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyCA
> SSL: Certificate OK: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=MyCA

I think CN in your certificate should be your domain name? could be it.

> SSL: negotiated cipher: DES-CBC3-SHA
> Password:
> Anonymous login successful
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.0.7]
> smb: \>                                       
> 
> On the client:
> 
> darkmoon:/usr/local/samba/bin # ./smbclient //le01/tmp
> load_client_codepage: filename /usr/local/samba/lib/codepages/codepage.850
> does
> not exist.
> load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.850
> does not exist.
> Enter PEM pass phrase:
> added interface ip=53.141.196.102 bcast=53.141.196.127
> nmask=255.255.255.224
> Got a positive name query response from 53.141.196.100 ( 53.141.196.100 )
> SSL: Cert error: unknown error 19 in /C=AU/ST=Some-State/O=Internet Widgits
> Pty
> Ltd/CN=MyCA
> SSL: negotiated cipher: DES-CBC3-SHA
> Password:
> Anonymous login successful
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.0.7]
> 
> What's wrong about my configuration? Should client have a trusted CA list
> or
> something like that, if so where I'll put it? 
> 
> I've setup sslproxy on the client machine, what's the relation between
> smbclient and sslproxy? I couldn't understand the difference exactly.
> 
> Any suggestion?
> 
> Thanks,
> 
> Selma Tekir
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 


/Bill



Bill Södermark
Work phone : +46(0)8 719 37 48
Cellphone    : +46(0)706 58 27 10


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]