[rt-users] RT Authen: External Auth won't work over ssl

john s. fireskyer at gmx.de
Thu May 12 07:10:19 EDT 2011



So, now I have tested an LDAP connection over openssl.

The command is:

openssl s_client -connect xxx.xxx.xxx.xxx:636

It returns the following:

CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=xxx.xxx.local
   i:/CN=xxxx.xxxx.local
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=/CN=xxx.xxx.local
issuer=/CN=xxxx.xxxx.local
---
Acceptable client certificate CA names
/DC=local/DC=xxx/CN=xxxx-xxxx-CA
/CN=CAxxx
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust
Global Root
/C=DE/ST=none/L=none/O=SBA/CN=xxx.xxx.local
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft
Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 1754 bytes and written 459 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID:
324i0ßi0ß234i0ß234i0ß234i0ß234230i0ß234E6235DF2B6863A365ABB04043
    Session-ID-ctx: 
    Master-Key:
000000000000000000000000000000000000000000000529CE6AA71521FCA6A6E5C73446B201651FD2F8
    Key-Arg   : None
    Start Time: 1305192634
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---



What does the return code reveal?

Best regards, john s.
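
The following triage script is an added example and is not part of the original post. It reads `openssl s_client` output and reports the verify code, the number of certificates the server sent, and whether the leaf is self-signed. The function name and verdict labels are made up for illustration, and the sample input is constructed from the relevant lines of the output above. OpenSSL documents code 21 as: no signatures could be verified because the chain contains only one certificate and it is not self-signed.

```shell
#!/usr/bin/env bash
# Constructed sample: the relevant lines of the s_client output shown above.
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=xxx.xxx.local
   i:/CN=xxxx.xxxx.local
---
    Verify return code: 21 (unable to verify the first certificate)
---'

# Hypothetical helper: read s_client output on stdin, print one triage line.
triage_s_client() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        # "N s:<subject>" opens each certificate the server presented.
        in_chain && /^ *[0-9]+ s:/ { n++; if (n == 1) { sub(/^ *[0-9]+ s:/, ""); subj = $0 } }
        # "i:<issuer>" follows; only the leaf (first entry) is compared.
        in_chain && /^ *i:/        { if (n == 1) { sub(/^ *i:/, ""); iss = $0 } }
        /Verify return code:/      { code = $4; seen = 1 }
        END {
            if (!seen) { print "verdict=no-verify-line"; exit }
            c = code + 0
            leaf = (subj == iss) ? "self-signed" : "issued-by-other"
            printf "code=%d chain_len=%d leaf=%s ", c, n, leaf
            if (c == 0)
                print "verdict=trusted"
            else if (c == 21)
                # Leaf only, not self-signed, and its issuer is not in the
                # trust store the client used for this connection.
                print "verdict=issuer-cert-missing"
            else
                print "verdict=other-verify-failure"
        }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE" | triage_s_client
# To confirm the diagnosis, re-run s_client with -CAfile pointing at the
# issuing CA certificate in PEM format (path is site-specific).
```

A client that is configured to verify the server certificate needs the same issuing CA certificate in its own trust store before the connection on port 636 will verify.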



