Vipul Ramani wrote: > > > CA is self-signed generated certificate . by Linux2 it self. > > > [root at linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA" > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1000 (0x3e8) > Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption > Issuer: "CN=CAcert" > Validity: > Not Before: Fri Oct 17 15:11:18 2008 > Not After : Wed Oct 17 15:11:18 2018 > Subject: "CN=CAcert" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > c8:40:4b:86:0b:70:3d:5d:6a:f6:f4:a5:86:e9:1c:98: > d0:dd:19:31:e3:b8:18:3b:0a:c8:9f:83:33:98:cd:98: > 54:83:9d:73:97:69:04:26:b8:75:4a:95:7e:ed:92:62: > 51:2c:70:8a:a6:f2:a6:8b:b5:c6:53:d3:f8:cc:01:c9: > e8:78:55:1f:69:e3:c4:5c:5e:e8:a6:bf:dc:53:ac:a6: > ce:75:14:98:2f:a7:c0:da:ae:be:5d:91:e6:f2:96:84: > 02:a0:ec:df:e4:de:91:25:2d:65:d8:bd:79:3d:07:ea: > 8c:9f:9e:5b:ee:04:a3:18:2e:98:c6:ab:15:a1:d5:d9 > Exponent: 65537 (0x10001) > Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption > Signature: > 55:bd:f2:f7:37:e5:60:e0:87:20:a7:d7:69:b2:eb:79: > e6:98:7e:72:f1:b1:dc:11:08:94:fd:c3:56:a8:14:37: > 2b:1b:cd:bc:05:3d:54:45:73:7f:b2:dc:f8:f1:f4:44: > 61:25:54:c6:e2:c2:68:1f:d7:cc:d3:37:16:37:98:b8: > 37:c3:7e:49:48:12:58:17:26:fe:87:bc:d4:ef:ee:6b: > 5d:35:1f:1f:72:a5:5e:6b:b7:94:e6:c3:63:7c:2a:24: > 4c:43:39:cd:74:7b:56:08:15:f9:85:3f:ed:c9:ba:01: > 88:d0:90:84:1d:e6:0e:84:7f:83:8e:bf:9e:9a:b2:a3 > Fingerprint (MD5): > 2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C > Fingerprint (SHA1): > 06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E > > Certificate Trust Flags: > SSL Flags: > Valid CA > Trusted CA > User > Trusted Client CA > Email Flags: > User > Object Signing Flags: > User > > [root at linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2" > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 14:fc:4e:02:00:00:00:00:00:16 > Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption > Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com" > Validity: > Not Before: Fri Oct 17 23:35:13 2008 > Not After : Sun Oct 17 23:35:13 2010 > Subject: > "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C > =US" This is not correct. instead of CN=linux2, you should have CN=linux2.tf-lab.test2.com or whatever your domain is. Although I don't think this is the cause of the failure to connect. > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > da:db:9b:d8:c2:aa:42:4e:85:69:b2:0a:19:46:87:2d: > 67:e6:4b:9b:4d:97:96:6a:e3:bf:90:c2:ab:a7:0d:17: > --removed-some-part--- > 24:72:dc:18:5c:7e:1a:16:b3:bd:38:1b:0a:0f:a6:48: > ae:4e:ef:5a:eb:cd:12:6f:5e:16:8f:6c:ce:ff:fa:71 > Exponent: 65537 (0x10001) > Signed Extensions: > Name: Certificate Subject Key ID > Data: > 75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d: > c0:b2:4f:d3 > > Name: Certificate Authority Key Identifier > Key ID: > 83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8: > 11:9e:ec:f9 > > Name: CRL Distribution Points > URI: > "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Serv > ices,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,D > > C=com?certificateRevocationList?base?objectClass=cRLDistribut > ionPoint" > URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.c > rl" > > Name: Authority Information Access > Method: PKIX CA issuers access method > Location: > URI: > "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN > =Services,CN=Configuration,DC=tf-lab,DC=test2,DC=c > > om?cACertificate?base?objectClass=certificationAuthority" > Method: PKIX CA issuers access method > Location: > URI: "*http://labdc01.tf-lab.test2.com*/CertEnroll/labdc > 01.tf-lab.test2.com_labdc01.crt" > > Name: Microsoft Enrollment Cert Type Extension > Data: "WebServer" > > Name: Certificate Basic Constraints > Critical: True > Data: Is not a CA. > > Name: Certificate Key Usage > Usages: Digital Signature > Key Encipherment > > Name: Extended Key Usage > TLS Web Server Authentication Certificate > > Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption > Signature: > 0b:f7:2f:25:e5:99:aa:27:59:5d:76:96:5a:64:0b:a7: > 91:7d:48:49:fd:a8:46:db:cc:39:7b:97:34:94:3c:0c: > 7c:fe:4d:f7:99:5e:da:a6:7d:53:5c:36:ba:ed:a7:05: > 60:04:2a:76:6e:02:75:a0:1c:59:bd:ad:82:db:fc:61: > --removed some--part-- > 6d:11:23:4c:77:60:18:ec:fd:47:63:72:d3:00:ee:04: > c2:01:3a:d8:dc:f1:4b:55:c5:7a:39:09:83:9b:09:bd: > 65:64:4c:6f:8d:19:86:94:95:76:1b:07:08:ad:03:70 > Fingerprint (MD5): > BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3 > Fingerprint (SHA1): > 89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA > > Certificate Trust Flags: > SSL Flags: > Valid CA > Trusted CA > User > Trusted Client CA > Email Flags: > User > Object Signing Flags: > User > > > > *| /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P > /etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*" * > Sorry, try /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P /etc/dirsrv/slapd-linux2/cert8.db -3 -s base -b "" "objectclass=*" > *When i do this i am getting cordump ... :(( * > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081020/0942a92d/attachment.bin
