LDAP Error 8174
To: openldap-technical@openldap.org

On 08/09/2011 09:07 AM, Daniel Qian wrote:
On 11-08-09 10:49 AM, Rich Megginson wrote:
On 08/09/2011 08:33 AM, Daniel Qian wrote:

Hi,

I have slapd 2.4.24 and everything works without TLS, but if I add a -Z option to the ldapsearch command I get this:

    [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D cn=admin,cn=config -wxxxxxxx -Z -H ldap://ldaprov1.prod cn=config
    ldap_start_tls: Connect error (-11)
    ldap_result: Can't contact LDAP server (-1)

slapd.log shows something like this:

    connection_read(16): TLS accept failure error=-1 id=1006, closing

Output from openssl debug:

    [root@ldaprov1 cacerts]# openssl s_client -connect hostname:389 -showcerts -state -CAfile cacert.pem
    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    140225133647680:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 113 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---

The configurations are as follows (same command as above but without the -Z option):

    [root@ldaprov1 cacerts]# ldapsearch -x -LLL -b cn=config -D cn=admin,cn=confi
(Source of the thread above: http://www.openldap.org/lists/openldap-technical/201108/msg00096.html)

Novell TID (http://support.novell.com/docs/Tids/Solutions/10090049.html)

fact

Novell eDirectory 8.6 for All Platforms
Novell eDirectory 8.7 for All Platforms
Novell eDirectory 8.7.1 for All Platforms

symptom

Attempting to connect to an LDAP server over SSL comes back with error -8174 (security library: bad database.)
Connection using port 389 works correctly
SSL is functional on the target server (It is possible to browse to https://ipaddress:8009/ to access the Netware Remote Manager)
You've requested with your client LDAP browser to use a Secure Connection

cause

In order to connect to the LDAP server via SSL, the client uses a local database of known Certificate Authorities (CAs). Your LDAP server uses a certificate to provide SSL services that may have been signed by a public CA (like Verisign) or by your internal Organizational CA (the one you created when installing the tree). If the CA that signed this certificate is not known by the client, the connection will not be established. You then need to declare this CA in the LDAP browser's certificate database so that the connection can be established.

fix

If your objective is just to test that LDAP over SSL works correctly, follow the recommendations in TID10066259, "How to test LDAP over SSL". That document describes how to connect with the Import/Export Wizard in ConsoleOne.

If your objective is instead to use LDAP Browser from Softerra or the ldapsearch utility provided with the new SunOne Directory SDK (formerly known as Netscape LDAP SDK), you will need to do some more work. These utilities rely on a certificate database format used by the Netscape/Mozilla browser. This certificate database can be called cert7.db or cert8.db, depending on the version of the libraries used to create it. The two formats are not compatible with each other. You will need to find out which database your utility is looking for before going forward. The version of Mozilla available at the moment of writing this TID was 1.5 and it would create a cert8.db file. So would Netscap
Super User question (https://superuser.com/questions/1127035/error-while-configuration-new-ssl-certificate-on-ldap-server-and-client)

Error while configuration new SSL certificate on LDAP server and client

My last SSL certificate, which was configured on my LDAP server, expired yesterday, so I purchased a new SSL key, activated it and tried to configure it again, but it is still showing the same error.

First I tried

    ldapsearch -d 33 -H ldaps://ldap.example.com -b "dc=example,dc=com" -D "cn=manager,ou=Internal,dc=example,dc=com" -w Zsi9olp4rf8jWi6bmD

to connect to the server; the output was

    ldap_url_parse_ext(ldaps://ldap.example.com)
    ldap_create
    ldap_url_parse_ext(ldaps://ldap.example.com:636/??base)
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP ldap.example.com:636
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 10.2.0.102:636
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    attempting to connect:
    connect success
    TLS: certdb config: configDir='/etc/openldap/cacerts' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
    TLS: using moznss security dir /etc/openldap/cacerts prefix .
    TLS: loaded CA certificate file /etc/openldap/cacerts/f96879fa.1.
    **TLS: certificate [CN=*.example.com,OU=EssentialSSL Wildcard,OU=Domain Control Validated] is not valid - error -8181:Peer's Certificate has expired..**
    TLS: error: connect - force handshake failure: errno 21 - moznss error -8174
    TLS: can't connect: TLS error -8174:securi

http://unix.ittoolbox.com/groups/technical-functional/solaris-l/ssl-initialization-failed-error-8174-security-library-bad-database-3550482
SSL initialization failed: error -8174 (security library: bad database.)

rahul s asked Jun 4, 2010

Hi,

I am getting the same error again even after creating the cert8.db and key. I am using OpenLDAP on Solaris 10, t