[CentOS] can't use godaddy SSL cert
bluethundr
bluethundr at gmail.com
Sun Nov 28 18:04:29 UTC 2010
Hello CentOS:
Thanks for your input..
> As mentioned in my previous mail, there is no need to specify TLSCACertificateFile in slapd.conf unless your server will request client certificate for authentication. Nor is there any point in trying multiple files, you can concatenate the CA certificates into a single file.
I have removed TLSCACertificateFile from slapd and now recognize that
this directive is only needed on the client side. Thanks for clueing
me into that.
And here is my /etc/ldap.conf file on the CentOS 5.5 client:
[root@VIRCENT03:~]#cat /etc/ldap.conf
host 192.168.1.44
base dc=summitnjhome,dc=com
sudoers_base ou=sudoers,ou=Services,dc=summitnjhome,dc=com
scope sub
pam_password exop
nss_base_passwd ou=staff,dc=summitnjhome,dc=com
nss_base_shadow ou=staff,dc=summitnjhome,dc=com
TLS_CACERT /etc/openldap/cacerts/gd_sf_all.crt
And here are the contents of the cacerts directory on the CentOS 5.5 client:
[root@VIRCENT03:~]#ls -l /etc/openldap/cacerts/
total 36
-r--r--r-- 1 root root 27529 Nov 28 12:10 all.crt
lrwxrwxrwx 1 root root 7 Nov 28 12:20 b737b221.0 -> all.crt
And this is the way that nsswitch is setup on the CentOS client:
passwd: files ldap
shadow: files ldap
group: files ldap
sudoers: ldap
I have revised the location of the cert files on the server noted in
slapd.conf in order to separate out the certs from the cacerts. This
is just to organize things a little more neatly.
## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/slapd.crt
TLSCertificateKeyFile /usr/local/etc/openldap/certs/slapd.pem
And here are the contents of the /usr/local/etc/openldap/certs
directory, also on the server that is referenced in the TLS lines in
slapd.conf:
-r--r--r-- 1 root ldap 2309 Nov 26 18:52 LBSD2.summitnjhome.com.crt
dr--r--r-- 3 root ldap 512 Nov 28 03:32 bak
drwxr-xr-x 2 root ldap 512 Nov 28 03:26 cacerts
-r--r--r-- 1 root ldap 2309 Nov 26 18:53 slapd.crt
-r--r--r-- 1 root ldap 1781 Nov 26 18:36 slapd.csr
-r--r--r-- 1 root ldap 3311 Nov 26 18:35 slapd.key
-r--r--r-- 1 root ldap 3243 Nov 26 18:54 slapd.pem
Here is the location of the cacert file on the server that the
/etc/ldap.conf file on the client references;
LBSD2# ls -l /usr/local/etc/openldap/certs/cacerts
-r--r--r-- 1 root ldap 27529 Nov 28 15:49 all.crt
The all.crt file is the result of concatenating these files together:
all.crt gdroot-g2.crt sf_issuing.crt
ca_bundle.crt sf_bundle.crt sfroot-g2.crt
gd_bundle.crt sf-class2-root.crt sfsroot.crt
gd-class2-root.crt sf_cross_intermediate.crt sfsroot-g2.crt
gd_intermediate.crt sf_intermediate.crt
Here is where the testing begins:
[root@VIRCENT03:~]#openssl s_client -connect ldap.summitnjhome.com:389 -showcerts -CAfile /usr/local/etc/openldap/certs/cacerts/all.crt
10073:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/usr/local/etc/openldap/certs/cacerts/all.crt','r')
10073:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
10073:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279:
CONNECTED(00000003)
10073:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
CONNECTED(00000003)
10065:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
As you can see I have provided openssl the full path to the all.crt
file on the server and am still receiving a handshake failure. It
looks like openssl s_client is claiming that the all.crt file isn't
there when clearly it is!
> No. I assume that your hostname is the CN indicated above, so your -h is not the issue. When you do -ZZ then ldapsearch will fail if it cannot validate the certificate. You can try with a single -Z to see if it works.
Yes the hostname is in the CN of the cert file. So I agree that -h is
not the issue. :)
If I do an ldapsearch from the CentOS client it claims that it can't
verify the certificate:
[root@VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -Z -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
If I provide some more information with the -d -44 flags this is what I see:
[root@VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -d -44 -Z -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
ber_dump: buf=0x8eb62e8 ptr=0x8eb62e8 end=0x8eb6307 len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_dump: buf=0x8eb62e8 ptr=0x8eb62ed end=0x8eb6307 len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_dump: buf=0x8eb7678 ptr=0x8eb7678 end=0x8eb7684 len=12
0000: 02 01 01 78 07 0a 01 00 04 00 04 00 ...x........
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
request done: ld 0x8ead530 msgid 1
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ber_dump: buf=0x8eb7678 ptr=0x8eb767b end=0x8eb7684 len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ber_dump: buf=0x8eb7678 ptr=0x8eb7684 end=0x8eb7684 len=0
TLS certificate verification: Error, unable to get local issuer certificate
TLS: can't connect.
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password:
ldap_build_search_req ATTRS:
supportedSASLMechanisms
ber_dump: buf=0x8f1e6a0 ptr=0x8f1e6a0 end=0x8f1e6e0 len=64
0000: 30 3e 02 01 02 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ber_dump: buf=0x8f1e6a0 ptr=0x8f1e6a5 end=0x8f1e6e0 len=59
0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 00 c9..............
0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 .....objectclass
0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 0...supportedSAS
0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I am including the output of a -d -1 as an attachment for those that
are still curious because the output of that command is quite long. :)
When I issue getent commands for passwd and group it hangs forever
when it tries to access information from ldap:
[root@VIRCENT03:~]#getent passwd | grep ldapAccount
[root@VIRCENT03:~]#getent group | grep ldapAccount
However if I remove TLS from the equation with the -x flag everything
starts working again:
[root@VIRCENT03:~]#ldapsearch -x -h ldap -b "dc=summitnjhome,dc=com"
-D "cn=Manager,dc=summitnjhome,dc=com" -w localG30rg3T0wn
"(objectclass=sudoRole)"
# extended LDIF
#
# LDAPv3
# base <dc=summitnjhome,dc=com> with scope subtree
# filter: (objectclass=sudoRole)
# requesting: ALL
#
# defaults, sudoers, Services, summitnjhome.com
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
# %wheel, sudoers, Services, summitnjhome.com
dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
sudoUser: %wheel
sudoUser: bluethundr
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
That's all I have for now. Sincere thanks to all those who have
provided input. I'll keep pounding away at this and hopefully figure
this out today.
Best regards!!!
On Thu, Nov 25, 2010 at 1:25 PM, <cpolish at surewest.net> wrote:
> bluethundr wrote:
>> I have setup the certificate chain in my slapd.conf like so:
>>
>> TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt
>
> I don't see where you say which directory these are stored in:
>
>> -rw-r--r-- 1 root bluethundr 2604 Nov 25 11:37 ca_bundle.crt
>> -r--r----- 1 root ldap 4604 Nov 24 18:57 gd_bundle.crt
>> -r--r----- 1 root ldap 1537 Nov 25 02:00 sf_issuing.crt
>
>> [root@LCENT01:/tmp/Foswiki-1.1.2]#openssl s_client -connect ldap.example.com:389 -showcerts -CAfile sf_issuing.crt
>> 13730:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('sf_issuing.crt','r')
>
> It looks like the expected directory is not the one being
> used. Perhaps try use this invocation:
>
> openssl s_client -connect ldap.example.com:389 -showcerts -CAfile /path/to/sf_issuing.crt
>
> Best regards,
> --
> Charles Polisher
>
--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys B6D6EAC3
-------------- next part --------------
[root@VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -d -1 -Z -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W
ldap_create
ldap_url_parse_ext(ldap://ldap)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.44:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0xa0312e8 ptr=0xa0312e8 end=0xa031307 len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0xa0312e8 ptr=0xa0312ed end=0xa031307 len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush: 31 bytes to sd 3
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 0xa028530 msgid 1
wait4msg ld 0xa028530 msgid 1 (infinite timeout)
wait4msg continue ld 0xa028530 msgid 1 all 1
** ld 0xa028530 Connections:
* host: ldap port: 389 (default)
refcnt: 2 status: Connected
last used: Sun Nov 28 12:39:55 2010
** ld 0xa028530 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0xa028530 Response Queue:
Empty
ldap_chkResponseList ld 0xa028530 msgid 1 all 1
ldap_chkResponseList returns ld 0xa028530 NULL
ldap_int_select
read1msg: ld 0xa028530 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 78 07 0a 0....x..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0xa032690 ptr=0xa032690 end=0xa03269c len=12
0000: 02 01 01 78 07 0a 01 00 04 00 04 00 ...x........
read1msg: ld 0xa028530 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
read1msg: ld 0xa028530 0 new referrals
read1msg: mark request completed, ld 0xa028530 msgid 1
request done: ld 0xa028530 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0xa032690 ptr=0xa032693 end=0xa03269c len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ber_scanf fmt (}) ber:
ber_dump: buf=0xa032690 ptr=0xa03269c end=0xa03269c len=0
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
tls_write: want=121, written=121
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
0000: 16 03 01 00 4a 02 00 ....J..
tls_read: want=72, got=72
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
0000: 16 03 01 06 8b .....
tls_read: want=1675, got=1364
tls_read: want=311, got=311
TLS certificate verification: depth: 0, err: 20, subject: /O=LBSD2.summitnjhome.com/OU=Domain Control Validated/CN=LBSD2.summitnjhome.com, issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Enter LDAP Password:
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_build_search_req ATTRS:
supportedSASLMechanisms
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0xa099bc8 ptr=0xa099bc8 end=0xa099c08 len=64
0000: 30 3e 02 01 02 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ber_scanf fmt ({) ber:
ber_dump: buf=0xa099bc8 ptr=0xa099bcd end=0xa099c08 len=59
0000: 63 39 04 00 0a 01 00 0a 01 00 02 01 00 02 01 00 c9..............
0010: 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 .....objectclass
0020: 30 19 04 17 73 75 70 70 6f 72 74 65 64 53 41 53 0...supportedSAS
0030: 4c 4d 65 63 68 61 6e 69 73 6d 73 LMechanisms
ber_flush: 64 bytes to sd 3
0000: 30 3e 02 01 02 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_write: want=64, written=64
0000: 30 3e 02 01 02 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_result ld 0xa028530 msgid 2
wait4msg ld 0xa028530 msgid 2 (infinite timeout)
wait4msg continue ld 0xa028530 msgid 2 all 1
** ld 0xa028530 Connections:
* host: ldap port: 389 (default)
refcnt: 2 status: Connected
last used: Sun Nov 28 12:40:00 2010
** ld 0xa028530 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** ld 0xa028530 Response Queue:
Empty
ldap_chkResponseList ld 0xa028530 msgid 2 all 1
ldap_chkResponseList returns ld 0xa028530 NULL
ldap_int_select
read1msg: ld 0xa028530 msgid 2 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 16 03 01 00 04 0e 00 00 ........
ber_get_next failed.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
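
Added example, not part of the original post: OpenSSL reports "unable to get local issuer certificate" when none of the trust files it loaded contains the issuer of the server certificate, so a first check on the client is that the CA file named in ldap.conf exists, is readable and holds PEM certificates, and that the hash links in the cacerts directory resolve. The function names and the temporary sample tree are assumptions made for this sketch; the file names are modeled on the listings in the message.

```shell
#!/bin/sh
# Added example: preflight checks for client-side CA settings in ldap.conf.
# Every path and file below is constructed sample data in a temp directory.

# Print the status of the configured CA file; return 0 only if it is usable.
check_ldap_ca() {
    conf=$1
    [ -r "$conf" ] || { echo "conf-unreadable:$conf"; return 2; }
    # OpenLDAP's ldap.conf uses TLS_CACERT, nss_ldap's uses tls_cacertfile.
    # Keywords are case-insensitive; the last value seen is kept.
    # (Paths containing spaces are not handled.)
    cafile=$(awk 'tolower($1) == "tls_cacert" || tolower($1) == "tls_cacertfile" { v = $2 }
                  END { print v }' "$conf")
    [ -n "$cafile" ] || { echo "no-ca-setting"; return 3; }
    [ -e "$cafile" ] || { echo "missing:$cafile"; return 4; }
    [ -r "$cafile" ] || { echo "unreadable:$cafile"; return 5; }
    # grep -c exits 1 on a zero count; '|| true' keeps this safe under set -e.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cafile" || true)
    [ "$count" -gt 0 ] || { echo "no-pem:$cafile"; return 6; }
    echo "ok:$cafile:$count"
}

# Print the name of every <hash>.<n> link in DIR whose target is gone;
# return 1 if any was found. A CA directory is searched by these hash names.
dangling_hash_links() {
    dir=$1
    bad=0
    for link in "$dir"/*.[0-9]; do
        # -L: is a symlink; ! -e: the file it points to does not exist
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            basename "$link"
            bad=1
        fi
    done
    return "$bad"
}

# Build a constructed sample tree and print its path.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cacerts"
    # Placeholder PEM block (not a real certificate); only the markers matter here.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cacerts/all.crt"
    ln -s all.crt "$d/cacerts/b737b221.0"      # resolves
    ln -s gone.crt "$d/cacerts/00000000.0"     # dangling on purpose
    printf 'host 192.168.1.44\nTLS_CACERT %s\n' "$d/cacerts/gd_sf_all.crt" \
        > "$d/ldap.conf.bad"
    printf 'host 192.168.1.44\nTLS_CACERT %s\n' "$d/cacerts/all.crt" \
        > "$d/ldap.conf.good"
    echo "$d"
}

demo=$(make_demo)
check_ldap_ca "$demo/ldap.conf.bad" || true     # names a file that is not there
check_ldap_ca "$demo/ldap.conf.good" || true    # names the bundle that exists
dangling_hash_links "$demo/cacerts" || true
rm -rf "$demo"
```

Run it on the client against each ldap.conf in use; a `missing:` result means no trust anchor is loaded from that setting.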