openLDAP ssl/tls Centos 6.3
Katerina Bubenickova
katerina.bubenickova at plbohnice.cz
Wed Mar 12 12:40:32 CET 2014
> Of course it will "hang". It is a server that waits for someone to
> connect to it on the named port. That is why my question continued:
> > > ... and then you connect to it with openssl s_client on that port?
I didn't understand it the first time, thank you for your patience:
> [root@test-LDAP log]# openssl s_client -connect localhost:12345
> CONNECTED(00000003)
> depth=1 DC = cz, DC = plbohnice, CN = PNB CA cert
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> 0 s:/CN=test-LDAP.bohnice.cz
> i:/DC=cz/DC=plbohnice/CN=PNB CA cert
> 1 s:/DC=cz/DC=plbohnice/CN=PNB CA cert
> i:/DC=cz/DC=plbohnice/CN=PNB CA cert
> ---
> Server certificate
> subject=/CN=test-LDAP.bohnice.cz
> issuer=/DC=cz/DC=plbohnice/CN=PNB CA cert
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1164 bytes and written 453 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : AES128-GCM-SHA256
> Session-ID: 1CC9605C46AE6BA923BDB5AF7D3C4819FEFC1D17E0247A274F02DB5FBADA1817
> Session-ID-ctx:
> Master-Key: 4CBFA15757A7A549F41D4A2758A28379D5107E52AF31B7E637A7F3D4DE4FE2F74989F11D5556985F0FEF59BC25C277D2
> Key-Arg : None
> Krb5 Principal: None
> PSK identity: None
> PSK identity hint: None
> Start Time: 1394624079
> Timeout : 300 (sec)
> Verify return code: 19 (self signed certificate in certificate chain)
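
Added example, not part of the original message: a constructed CA and server certificate reproduce verify code 19 from the output above and show it clearing once the verifier is given the CA as a trust anchor. The subject names, file names and the helper functions make_pki, verify_code and demo are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: names, subjects and file layout are assumptions for illustration.

# make_pki DIR: create a self-signed CA and a server certificate issued by it.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$dir/srv.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" >/dev/null 2>&1
}

# verify_code ARGS...: run "openssl verify ARGS" and print 0 when the chain
# verifies, otherwise the number of the first X.509 verification error.
verify_code() {
    if out=$(openssl verify "$@" 2>&1); then
        echo 0
    else
        printf '%s\n' "$out" |
            sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    # The CA arrives with the chain (as the server above sends it) but the
    # verifier has no reason to trust it: error 19.
    echo "CA sent but not trusted: $(verify_code -untrusted "$tmp/ca.pem" "$tmp/srv.pem")"
    # The same CA configured as a trust anchor: the chain verifies.
    echo "CA trusted via -CAfile:  $(verify_code -CAfile "$tmp/ca.pem" "$tmp/srv.pem")"
    rm -rf "$tmp"
}

demo
```

openssl s_client accepts the same -CAfile option, so the check can be repeated against the listening server.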