openLDAP ssl/tls Centos 6.3

Katerina Bubenickova katerina.bubenickova na plbohnice.cz
Tuesday March 11 16:47:20 CET 2014


On Tue, 2014-03-11 at 16:36 +0100, Pavel Kankovsky wrote:
> 
> That most likely means the error is on the server side. So the most important
> question is: what does the server write to its log?
> 

> Mar 11 16:27:40 test-LDAP slapd[5697]: @(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $#012#011mockbuild na c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
> Mar 11 16:27:40 test-LDAP slapd[5698]: slapd starting
> Mar 11 16:27:50 test-LDAP slapd[5698]: conn=1000 fd=14 ACCEPT from IP=172.19.11.229:36117 (IP=0.0.0.0:636)
> Mar 11 16:27:50 test-LDAP slapd[5698]: conn=1000 fd=14 closed (TLS negotiation failure)


and I also learned one more command:


> [root na test-LDAP openldap]# certutil -d /etc/openldap/certs -L -n Server-Cert
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1001 (0x3e9)
>         Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
>         Issuer: "CN=PNB CA cert,DC=plbohnice,DC=cz"
>         Validity:
>             Not Before: Tue Mar 11 13:17:51 2014
>             Not After : Mon Mar 11 13:17:51 2024
>         Subject: "CN=test-LDAP.bohnice.cz"
>         Subject Public Key Info:
>             Public Key Algorithm: PKCS #1 RSA Encryption
>             RSA Public Key:
>                 Modulus:
>                    xxx
>                 Exponent: 65537 (0x10001)
>     Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
>     Signature:
>         xxx
>     Fingerprint (MD5):
>         7F:83:53:96:B1:27:43:33:0F:BF:1F:7C:D3:84:7E:12
>     Fingerprint (SHA1):
>         27:DE:2B:8B:48:87:B5:F9:29:F8:BE:24:04:72:EC:D3:5B:07:AE:2B
> 
>     Certificate Trust Flags:
>         SSL Flags:
>             User
>         Email Flags:
>             User
>         Object Signing Flags:
>             User
> 
> [root na test-LDAP openldap]# certutil -d /etc/openldap/certs -L -n "CA certificate"
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1000 (0x3e8)
>         Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
>         Issuer: "CN=PNB CA cert,DC=plbohnice,DC=cz"
>         Validity:
>             Not Before: Tue Mar 11 13:14:57 2014
>             Not After : Mon Mar 11 13:14:57 2024
>         Subject: "CN=PNB CA cert,DC=plbohnice,DC=cz"
>         Subject Public Key Info:
>             Public Key Algorithm: PKCS #1 RSA Encryption
>             RSA Public Key:
>                 Modulus:
>                   xxx
>                 Exponent: 65537 (0x10001)
>         Signed Extensions:
>             Name: Certificate Basic Constraints
>             Data: Is a CA with no maximum path length.
> 
>     Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
>     Signature:
>        xxx
>     Fingerprint (MD5):
>         xxx
>     Fingerprint (SHA1):
>         xxx
>     Certificate Trust Flags:
>         SSL Flags:
>             Valid CA
>             Trusted CA
>             User
>             Trusted Client CA
>         Email Flags:
>             User
>         Object Signing Flags:
>             User


And I don't see a problem there either - unless it matters that the Issuer and
Subject CN in Server-Cert don't match??
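The slapd lines quoted above show the pattern to look for when LDAPS is misconfigured: a `conn=N ... ACCEPT` on port 636 followed, in the same second, by `conn=N ... closed (TLS negotiation failure)`, i.e. the connection dies during the handshake before any bind. The following script is an added example and is not code from the thread or from the OpenLDAP project; it correlates slapd `conn=` lines by connection id and reports, per client, how many connections failed TLS negotiation and how long each connection lived. The sample log embeds the three lines quoted in the thread plus one constructed connection (`conn=1001`) that completes the handshake, using the `TLS established tls_ssf=... ssf=...` form that slapd logs on success; the year (2014) is supplied by the caller because syslog timestamps carry none.

```python
"""Correlate slapd conn= log lines and flag TLS negotiation failures."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the slapd lines quoted in the thread plus an invented
# second connection (conn=1001) that completes the TLS handshake.
SAMPLE_LOG = """\
Mar 11 16:27:40 test-LDAP slapd[5698]: slapd starting
Mar 11 16:27:50 test-LDAP slapd[5698]: conn=1000 fd=14 ACCEPT from IP=172.19.11.229:36117 (IP=0.0.0.0:636)
Mar 11 16:27:50 test-LDAP slapd[5698]: conn=1000 fd=14 closed (TLS negotiation failure)
Mar 11 16:28:05 test-LDAP slapd[5698]: conn=1001 fd=15 ACCEPT from IP=172.19.11.229:36118 (IP=0.0.0.0:636)
Mar 11 16:28:05 test-LDAP slapd[5698]: conn=1001 fd=15 TLS established tls_ssf=256 ssf=256
Mar 11 16:28:07 test-LDAP slapd[5698]: conn=1001 fd=15 closed
"""

# syslog prefix, then slapd's "conn=N fd=M <event>" form
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: "
    r"conn=(?P<conn>\d+) fd=\d+ (?P<event>.*)$"
)
ACCEPT_RE = re.compile(r"^ACCEPT from IP=(?P<client>[^:]+):\d+ \(IP=[^:]+:(?P<port>\d+)\)$")
CLOSED_RE = re.compile(r"^closed(?: \((?P<reason>[^)]*)\))?$")


def _parse_ts(ts: str, year: int) -> datetime:
    # syslog timestamps have no year, so the caller supplies one;
    # collapse the double space syslog uses for single-digit days
    return datetime.strptime(f"{year} {re.sub(' +', ' ', ts)}", "%Y %b %d %H:%M:%S")


def analyze(log_text: str, year: int = 2014) -> dict:
    """Return {conn_id: record} describing each connection's handshake outcome."""
    conns: dict = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "slapd starting" and other non-connection lines
        when = _parse_ts(m["ts"], year)
        rec = conns.setdefault(m["conn"], {
            "client": None, "port": None, "opened": None,
            "tls_established": False, "close_reason": None, "seconds_open": None,
        })
        event = m["event"]
        if a := ACCEPT_RE.match(event):
            rec["client"], rec["port"], rec["opened"] = a["client"], int(a["port"]), when
        elif event.startswith("TLS established"):
            rec["tls_established"] = True
        elif c := CLOSED_RE.match(event):
            rec["close_reason"] = c["reason"]  # None for a normal close
            if rec["opened"] is not None:
                rec["seconds_open"] = (when - rec["opened"]).total_seconds()
    return conns


def tls_failures_by_client(conns: dict) -> dict:
    """Count connections closed with 'TLS negotiation failure' per client IP."""
    counts = Counter(
        rec["client"] for rec in conns.values()
        if rec["close_reason"] == "TLS negotiation failure"
    )
    return dict(counts)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for cid, rec in result.items():
        print(cid, rec["client"], rec["port"], rec["tls_established"],
              rec["close_reason"], rec["seconds_open"])
    print(tls_failures_by_client(result))
```

A connection that is accepted on 636 and closed with `TLS negotiation failure` after zero seconds and without a `TLS established` line has not reached LDAP at all, so bind or ACL problems can be ruled out and the certificate database, `olcTLSCertificateFile`/`TLSCertificateFile` settings and the client's trust of the CA are where to look; once the server is fixed, the same per-client count is a useful alert, since a steady stream of such failures from one address is either a still-misconfigured client or something speaking the wrong protocol to the port.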


