httpd-users mailing list archives

From "Craig R. Bina" <cr...@earth.northwestern.edu>
Subject Re: [users@httpd] LDAPS authentication failure in Apache2
Date Tue, 18 Oct 2005 14:37:57 GMT
Dmitriy,

No apparent problem with the certificate:

openssl s_client -connect ldap2.itcs.northwestern.edu:636 -verify 10 -CAfile verisign-bundleca.crt -showcerts </dev/null

Server certificate
subject=/C=US/ST=Illinois/L=Evanston/O=Northwestern University/OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=ldap2.itcs.northwestern.edu
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
Acceptable client certificate CA names
/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA
/C=US/ST=Illinois/L=Evanston/O=Northwestern University/OU=Information Technology/CN=nuca/emailAddress=x-dong@northwestern.edu
---
SSL handshake has read 3488 bytes and written 336 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 59EE2F15D822D011F814C692B6E9E28F119A38EDCB00C0D6C2DDE6D13B9F3425
    Session-ID-ctx:
    Master-Key: D481102C39A134394D2D3162EF732DC2EC6756F8D7C95BF66D25C7EDA3F05A29039E2449321BBE33B65A35DF3A3FB14A
    Key-Arg   : None
    Start Time: 1129306856
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

Craig

> On Mon, Oct 17, 2005 at 11:26:51AM -0500, Craig R. Bina wrote:
> > as described on the http://www.freebsd.org/cgi/query-pr.cgi?pr=86416
> > bug report.  Instead, I see a successful:
> > 
> >    [notice] LDAP: Built with OpenLDAP LDAP SDK
> >    [notice] LDAP: SSL support available
> > 
> > and I am already using this declaration:
> > 
> >    LDAPTrustedCAType   BASE64_FILE
> 
> Check your ldap-server certificate:
> openssl verify -CAfile cacert.pem your_cert.crt
> 
> Check CN in certificate and DNS name of ldap server.
> 
> By.
> Dmitriy
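
The two checks discussed in this thread (chain verification and CN versus the LDAP server's DNS name) can be applied to a saved `openssl s_client` transcript. The following is an added example, not part of the original messages; the function names are hypothetical and the sample is the transcript above, abridged. It compares only the subject CN, as the quoted reply suggests; subjectAltName entries are not examined.

```python
import re

# Constructed sample: the s_client transcript from the message above, abridged
# (issuer shortened, CA name list and session details omitted).
SAMPLE = """\
Server certificate
subject=/C=US/ST=Illinois/L=Evanston/O=Northwestern University/OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=ldap2.itcs.northwestern.edu
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc.
---
    Verify return code: 0 (ok)
"""

def subject_cn(transcript):
    """Return the last CN of the 'subject=' line (slash or comma style), or None."""
    m = re.search(r"^subject=(.*)$", transcript, re.M)
    if not m:
        return None
    cns = re.findall(r"(?:^|[/,])\s*CN\s*=\s*([^/,\n]+)", m.group(1))
    return cns[-1].strip() if cns else None

def verify_code(transcript):
    """Return the numeric 'Verify return code', or None if the line is absent."""
    m = re.search(r"Verify return code:\s*(\d+)", transcript)
    return int(m.group(1)) if m else None

def name_matches(pattern, host):
    # Case-insensitive; a leading "*." covers exactly one left-most label.
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check(transcript, host):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    code = verify_code(transcript)
    if code != 0:
        problems.append(f"chain verification failed or missing (code {code})")
    cn = subject_cn(transcript)
    if cn is None or not name_matches(cn, host):
        problems.append(f"certificate CN {cn!r} does not match {host!r}")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE, "ldap2.itcs.northwestern.edu") or "certificate checks passed")
```

The host passed to `check` should be the name the LDAP client is configured to connect to, since that is the name the certificate is compared against.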

