[Pkg-openssl-devel] Bug#1065424: Bug#1065424: Can't connect to Active Directory with openssl

Maciej Bogucki macbogucki at gmail.com
Mon Mar 11 12:24:20 GMT 2024


Hi,

I have just added the CA to ca-certificates and updated them using
/usr/sbin/update-ca-certificates

root@nsd-sdproxy1:~# ls -l /usr/local/share/ca-certificates/
total 4
-rw-r--r-- 1 root root 1238 Mar 11 13:01 dc1_CA.crt
root@nsd-sdproxy1:~#

I still can't connect to the server.

root@nsd-sdproxy1:~# /usr/bin/openssl.original-from-debian s_client -connect 192.168.92.95:636 -CAfile /etc/ssl/certs/ca-certificates.crt
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 297 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
root@nsd-sdproxy1:~#

The certificate validation looks OK.

root@nsd-sdproxy1:~# openssl.original-from-debian verify -purpose sslserver -CAfile /etc/ssl/certs/ca-certificates.crt /tmp/nsd-ad.pem
/tmp/nsd-ad.pem: OK
root@nsd-sdproxy1:~#

Best regards,
Maciej Bogucki

On 4.03.2024 12:54, Kurt Roeckx wrote:
> Hi,
>
> It's unclear to me what you're reporting as error. The connection 
> seems to be working. The verification of the certificate seems to 
> fail. It seems you have your own CA, but the CA is not trusted because 
> it's not in the certificate store.
>
> Kurt