On 08/31/2012 11:38 AM, Alberto Viana wrote:
Hi,
I´m tyring to test a SSL connection from one server(linux) to
389DS using openssl:
openssl s_client -connect MY_389_SERVER:636 -cert
local_server.crt -key local_server.key -CAfile CA-AD.crt
And I got this error on my 389DS log:
[31/Aug/2012:14:04:57 -0300] conn=146531 Netscape Portable
Runtime error -8101 (Certificate type not approved for
application.); unauthenticated client E= email@xxxxxxxxx,CN=server.my.domain,OU=GTI,O=COMPANY,L=Rio
de Janeiro,ST=Rio de Janeiro,C=BR; issuer CN=MY AD
The both certificates (my 389DS and local server(linux) were
generated by my AD Server. Just to notify that I already import
my CA certificate into 389 database (I have AD password
replication working using the AD CA).
What am I missing?
Is your server cert (local_server.crt) also approved to be used as a
client cert?
openssl x509 -in local_server.crt -text
Thanks a lot.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
