[389-users] SSL connection based on cert
Rich Megginson
rmeggins at redhat.com
Fri Aug 31 17:44:44 UTC 2012
On 08/31/2012 11:38 AM, Alberto Viana wrote:
> Hi,
>
> I´m tyring to test a SSL connection from one server(linux) to 389DS
> using openssl:
>
>
> openssl s_client -connect MY_389_SERVER:636 -cert local_server.crt
> -key local_server.key -CAfile CA-AD.crt
>
> And I got this error on my 389DS log:
>
> [31/Aug/2012:14:04:57 -0300] conn=146531 Netscape Portable Runtime
> error -8101 (Certificate type not approved for application.);
> unauthenticated client E=email at email.com
> <mailto:email at email.com>,CN=server.my.domain,OU=GTI,O=COMPANY,L=Rio de
> Janeiro,ST=Rio de Janeiro,C=BR; issuer CN=MY AD
>
>
>
> The both certificates (my 389DS and local server(linux) were generated
> by my AD Server. Just to notify that I already import my CA
> certificate into 389 database (I have AD password replication working
> using the AD CA).
>
>
>
> What am I missing?
Is your server cert (local_server.crt) also approved to be used as a
client cert?
openssl x509 -in local_server.crt -text
>
> Thanks a lot.
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120831/cff52241/attachment.html>
More information about the 389-users
mailing list