[Fedora-directory-users] CA certificate format

Jonathan Barber jon at compbio.dundee.ac.uk
Wed Apr 4 08:37:18 UTC 2007


On Tue, Apr 03, 2007 at 09:44:43PM +0200, Yoram Kahana wrote:
> Hi Richard,
> 
> Thanks for your answer. This is my problem: I can't see any mismatch. Do you
> know of any other possibilities or ways of debugging it?

You can try running the openldap ldapsearch client with the "-d"
argument for extra debugging goodness. See the loglevel directive in
slapd.conf(5) for acceptable levels.

Example truncated output from ldapsearch from package 2.2.26-5ubuntu2.2:
# ldapsearch -h ldap.fqdn -ZZ -d 1 -b "" -s base -x
...
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: [cert subject data removed]
TLS certificate verification: depth: 0, err: 0, subject: [cert subject data removed]
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
...

This will at least tell you what the command is really doing, and what it
thinks the subject of the cert is.

You should use whatever hostname is contained in the cert (either in the
subject or subjectaltname fields) otherwise it'll quite rightly reject
you.

If your client isn't based on the openldap implementation, then you'll
have to debug it using a client based on whatever implementation you are
using. Without knowing more about your client and ssl libraries it's
hard to suggest what might be broken in their configuration.

> Thanks in advance
> Yoram
> 
> On 4/2/07, Richard Megginson <rmeggins at redhat.com> wrote:
> >
> >Yoram Kahana wrote:
> >> Hi Richard,
> >>
> >> Indeed it solved one of the problems, I didn't hash the CA certificate
> >> on the client side.
> >> Now I am getting a new message
> >>
> >> TLS: *hostname does not match CN in peer certificate*
> >>
> >> If I understand the meaning, the CN and the hostname are not
> >> identical, but that's not the situation now.
> >>
> >The CN in the server cert is CN=r1-ows-07.rocaf.org - the server is
> >running on r1-ows-07.rocaf.org?
> >
> >The error message means there is a mismatch somewhere.
> >>
> >>
> >> I have also tried openssl s_client -debug -connect (the output is
> >> enclosed).
> >> It seems that through openssl it works fine, where am I wrong?
> >>
> >> Can you see if you have any clue
> >> great thanks
> >> Yoram
> >>
> >>
> >>
> >> On 3/28/07, Richard Megginson <rmeggins at redhat.com> wrote:
> >>
> >>     Yoram Kahana wrote:
> >>     > Hi
> >>     >
> >>     > Does anyone have an idea in which format I should save the CA
> >>     > certificate on the clients (for SSL communication)?
> >>     > Is it PEM, DER, BER?
> >>     It depends - what client are you trying to configure?  Did you see
> >>     this -
> >>     http://directory.fedora.redhat.com/wiki/Howto:SSL#Configure_LDAP_clients
> >>     >
> >>     >
> >>     > Thanks in advance
> >>     >
> >>     > Yoram
> >>     >
> >>
> >------------------------------------------------------------------------
> >>
> >>     >
> >>     > --
> >>     > Fedora-directory-users mailing list
> >>     > Fedora-directory-users at redhat.com
> >>     <mailto:Fedora-directory-users at redhat.com>
> >>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>     >
> >>
> >>
> >>
> >>
> >> ------------------------------------------------------------------------
> >>
> >>
> >> openssl s_client -debug -connect r1-ows-07:636
> >> CONNECTED(00000003)
> >> depth=1 /C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >> verify error:num=19:self signed certificate in certificate chain
> >> verify return:0
> >> ---
> >> Certificate chain
> >>  0 s:/C=IL/ST=Israel/O=Ness Ltd/OU=LMADS/CN=r1-ows-07.rocaf.org
> >>    i:/C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >>  1 s:/C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >>    i:/C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >> ---
> >> Server certificate
> >> subject=/C=IL/ST=Israel/O=Ness Ltd/OU=LMADS/CN=r1-ows-07.rocaf.org
> >> issuer=/C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >> ---
> >> Acceptable client certificate CA names
> >> /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> >> /C=IL/ST=Israel/L=TelAviv/O=Ness Ltd/OU=LMADS/CN=Yoram/emailAddress=yoram at bamam.com
> >> ---
> >> SSL handshake has read 2147 bytes and written 352 bytes
> >> ---
> >> New, TLSv1/SSLv3, Cipher is AES256-SHA
> >> Server public key is 1024 bit
> >> SSL-Session:
> >>     Protocol  : TLSv1
> >>     Cipher    : AES256-SHA
> >>     Session-ID: 2292D70EB4AEAADFC283B7072294AF91D82A92DA0CD63ED57AEE8F7F26283A56
> >>     Session-ID-ctx:
> >>     Master-Key: 5D9CC7C076BF70BBAECB1BC1588E666C75EB12956F231AF9B3E2F3F4E164AF7BFEEAC912F7482E286F9C819F199FB3E1
> >>     Key-Arg   : None
> >>     Krb5 Principal: None
> >>     Start Time: 1175181192
> >>     Timeout   : 300 (sec)
> >>     Verify return code: 19 (self signed certificate in certificate chain)
> >> ---
> >>
> >>
> >>
> >> ------------------------------------------------------------------------
> >>
> >>
> >
> >
> >
> >



-- 
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
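
Added example, not part of the original message and not OpenLDAP's own code: a simplified RFC 6125-style host name check in Python, run against the server subject quoted in the thread, to show how the name given to the client is compared with the CN or subjectAltName. The function names and any SAN values are constructed for illustration; real client libraries differ in how strictly they apply the SAN-over-CN precedence assumed here.

```python
# Added example: simplified RFC 6125-style host name check (not OpenLDAP's code).

# Server subject as printed by openssl s_client in the thread.
SERVER_SUBJECT = "/C=IL/ST=Israel/O=Ness Ltd/OU=LMADS/CN=r1-ows-07.rocaf.org"


def cn_from_subject(subject):
    """Return CN values from an OpenSSL one-line subject (/C=../CN=..).

    Naive split on "/": adequate for this sample, not for values containing "/".
    """
    return [p[3:] for p in subject.split("/") if p[:3].upper() == "CN="]


def _normalise(name):
    # DNS names compare case-insensitively; a trailing dot is the same name.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, host):
    """Compare one certificate name against the host the client connected to."""
    p, h = _normalise(pattern), _normalise(host)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, never for a bare TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def host_matches_cert(host, subject, san_dns=()):
    """Return (matched, names_checked).

    Assumption: RFC 6125 precedence, i.e. if dNSName SANs exist the CN is
    ignored. Real client libraries differ in how strictly they follow this.
    """
    names = list(san_dns) or cn_from_subject(subject)
    return any(name_matches(n, host) for n in names), names


if __name__ == "__main__":
    # Short name, fully qualified name, and a differently cased FQDN with a
    # trailing dot, all checked against the subject from the thread.
    for host in ("r1-ows-07", "r1-ows-07.rocaf.org", "R1-OWS-07.rocaf.org."):
        ok, names = host_matches_cert(host, SERVER_SUBJECT)
        print(f"{host!r:28} vs {names}: {'match' if ok else 'MISMATCH'}")
```

The name being compared is the one passed to the client (for example with `-h`), not whatever address it resolves to, so a short alias and the fully qualified name can give different results against the same certificate.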



