[SAC] https on web vm
Martin Spott
Martin.Spott at mgras.net
Wed May 25 15:58:52 EDT 2011
On Wed, May 25, 2011 at 02:52:15PM +0200, Martin Spott wrote:
> Very strange, that's certainly something to look after .... :-/
osgeo1: 15:58:44 ~> /usr/bin/ldapsearch -d1 -H ldaps://ldap.osgeo.org/ -b dc=osgeo,dc=org -x
[...]
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 2, subject: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA, issuer: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
TLS certificate verification: Error, unable to get issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
As far as I remember, this tastes similar to my attempts of getting the
LDAP server on the new "secure" VM running with the old OSGeo SSL
certificate. Maybe I'm now just looking into the opposite direction.
BTW, this posting looks terribly encouraging ....:
http://www.mail-archive.com/ldap@listserver.itd.umich.edu/msg00377.html
Ok, now I managed to get 'ldapsearch' working by configuring the LDAP
client lib on 'osgeo1' to "not request or check any server
certificate". This doesn't sound convincing, but might serve as an
interim solution.
Drupal authentication is still not working as expected.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
More information about the Sac
mailing list