openLDAP ssl/tls Centos 6.3

Katerina Bubenickova katerina.bubenickova at plbohnice.cz
Wednesday March 12 12:40:32 CET 2014


> Of course it stays "hanging". It is a server that waits until someone
> connects to it on the named port. That is why my question continued:
> > > ... and then you connect to it with openssl s_client on that port?

I didn't understand it the first time, thank you for your patience:

> [root@test-LDAP log]# openssl s_client -connect localhost:12345
> CONNECTED(00000003)
> depth=1 DC = cz, DC = plbohnice, CN = PNB CA cert
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
>  0 s:/CN=test-LDAP.bohnice.cz
>    i:/DC=cz/DC=plbohnice/CN=PNB CA cert
>  1 s:/DC=cz/DC=plbohnice/CN=PNB CA cert
>    i:/DC=cz/DC=plbohnice/CN=PNB CA cert
> ---
> Server certificate
> subject=/CN=test-LDAP.bohnice.cz
> issuer=/DC=cz/DC=plbohnice/CN=PNB CA cert
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1164 bytes and written 453 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : AES128-GCM-SHA256
>     Session-ID: 1CC9605C46AE6BA923BDB5AF7D3C4819FEFC1D17E0247A274F02DB5FBADA1817
>     Session-ID-ctx: 
>     Master-Key: 4CBFA15757A7A549F41D4A2758A28379D5107E52AF31B7E637A7F3D4DE4FE2F74989F11D5556985F0FEF59BC25C277D2
>     Key-Arg   : None
>     Krb5 Principal: None
>     PSK identity: None
>     PSK identity hint: None
>     Start Time: 1394624079
>     Timeout   : 300 (sec)
>     Verify return code: 19 (self signed certificate in certificate chain)
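
An added example, not part of the original message: a shell function that pulls the security-relevant fields (verify result, server key size, negotiated protocol) out of an `openssl s_client` transcript like the one above. The function names and the trimmed sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage `openssl s_client` output.
# Usage against a live service:
#   openssl s_client -connect host:port </dev/null 2>&1 | check_s_client

# Constructed sample: fields copied from the transcript above, blobs omitted.
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
depth=1 DC = cz, DC = plbohnice, CN = PNB CA cert
verify error:num=19:self signed certificate in certificate chain
verify return:0
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Reads a transcript on stdin and prints one finding per line.
check_s_client() {
    awk '
        /Verify return code:/    { verify = $4 }
        /Server public key is/   { bits = $5 + 0 }
        /^ *Protocol *:/         { proto = $NF }
        END {
            # 0 means the chain validated against a trusted root.
            if (verify == "") print "verify=missing FAIL"
            else if (verify == 0) print "verify=0 OK"
            else if (verify == 19) print "verify=19 FAIL root CA not in trust store (use -CAfile)"
            else print "verify=" verify " FAIL"
            # RSA keys under 2048 bits are below current minimum recommendations.
            if (bits == 0) print "key=unknown"
            else print "key=" bits " " (bits < 2048 ? "WEAK" : "OK")
            # SSLv3 and TLS 1.0/1.1 are deprecated.
            if (proto ~ /^(TLSv1\.[23])$/) print "protocol=" proto " OK"
            else print "protocol=" (proto == "" ? "unknown" : proto) " WEAK"
        }'
}

sample_transcript | check_s_client
```

Code 19 goes away once the client is told to trust the issuing CA, for example by passing the CA certificate to `s_client` with `-CAfile`.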








