Hi,

Not yet. I'm still not totally familiar with the different "checking
methods". So thanks for your suggestion.

ldap master -> ldap slave

[r...@ldap1 ~]# openssl s_client -connect ldap2.filmakademie.de:389
-showcerts -CAfile /etc/openldap/CA_falu/CA.pem
CONNECTED(00000003)
5063:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:

ldap master -> ldap master

[r...@ldap1 ~]# openssl s_client -connect ldap1.filmakademie.de:389
-showcerts -CAfile /etc/openldap/CA_falu/CA.pem
CONNECTED(00000003)
5066:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:

What the hell ... hmm. What may be missing/wrong?

Regards,

        Götz


On 09.04.10 08:48, aravamudan ranganathan wrote:
> Did you check with openssl s_client?
> 
> Just try openssl s_client -connect hostname:port -showcerts -CAfile <
> CAcertificate>
> Regards
> Arava
> 
> On Thu, Apr 8, 2010 at 7:25 PM, Götz Reinicke - IT Koordinator
> <goetz.reini...@filmakademie.de <mailto:goetz.reini...@filmakademie.de>>
> wrote:
> 
>     Hello and one more thing,
> 
>     recently I started to set up a master/slave OpenLDAP system with
>     tls/certs. (Red Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3 )
> 
>     For that purpose I set up a CA, generated certs, requests and keys,
>     installed them on the corresponding servers and my OS X client and my
>     ldapservers communicate nearly as I expected.
> 
>     So does my local ldap client (Apache Directory Studio (ADS) on Mac OS X
>     10.6.x ).
> 
>     Nearly, because the servers and the ADS client both alert me that I use
>     invalid certificates and the certificate can't be validated.
> 
>     But I have e.g. on the Mac imported my ca cert in the Mac's keychain
>     (once for system resp. for login) and the use for everything (ssl, IPsec,
>     X.509, ...) is set to trust.
> 
>     Maybe I did something wrong or what may I check and how?
> 
>     Thanks a lot and best regards,
> 
>            Götz


-- 
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board:
Prof. Dr. Claudia Hübner

Managing Director:
Prof. Thomas Schadt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org