Difference between revisions of "Ipa verify CA with ssl"
From Asenjo
Latest revision as of 22:54, 28 August 2015
When binding to the LDAP server over an encrypted connection (LDAPS, or LDAP with TLS), we first need to import the Certificate Authority of our IPA instance.
We can verify that the certificate file of this CA is correct using openssl:
<pre>
openssl s_client -connect kdc.ipa.asenjo.nx:636 -CAfile /etc/ipa/ca.crt < /dev/null
CONNECTED(00000003)
depth=1 O = IPA.ASENJO.NX, CN = Certificate Authority
verify return:1
depth=0 O = IPA.ASENJO.NX, CN = kdc.ipa.asenjo.nx
verify return:1
---
Certificate chain
 0 s:/O=IPA.ASENJO.NX/CN=kdc.ipa.asenjo.nx
   i:/O=IPA.ASENJO.NX/CN=Certificate Authority
 1 s:/O=IPA.ASENJO.NX/CN=Certificate Authority
   i:/O=IPA.ASENJO.NX/CN=Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
skip
-----END CERTIFICATE-----
subject=/O=IPA.ASENJO.NX/CN=kdc.ipa.asenjo.nx
issuer=/O=IPA.ASENJO.NX/CN=Certificate Authority
---
Acceptable client certificate CA names
/O=IPA.ASENJO.NX/CN=Certificate Authority
---
SSL handshake has read 2044 bytes and written 474 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 3C51832097D944EDDB8056DB886F0B509D79423173C4C33FB79CB2A28A831C67
    Session-ID-ctx:
    Master-Key: 3F3B2B378B893FF7C2C0177467B43B4A0BB49E9F8632346F80982C22D58B5194208E45064586F5F731BDE063B80D8666
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1364844733
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE
</pre>
As you can see, the verify return code is 0 (ok), so the CA file is correct.
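To turn the manual check above into something scriptable, here is an added example (not part of the original wiki page) that parses s_client output for the verify return code and the certificate chain, and confirms the chain ends at our IPA CA rather than at some other trusted root. The sample output is a constructed, abridged copy of the listing above; the live `check_ldaps` helper assumes an OpenSSL recent enough to support `-verify_return_error` and `-verify_hostname`.

```python
import re
import subprocess

# Constructed sample, abridged from the s_client listing on this page.
SAMPLE_OUTPUT = """CONNECTED(00000003)
depth=1 O = IPA.ASENJO.NX, CN = Certificate Authority
verify return:1
depth=0 O = IPA.ASENJO.NX, CN = kdc.ipa.asenjo.nx
verify return:1
---
Certificate chain
 0 s:/O=IPA.ASENJO.NX/CN=kdc.ipa.asenjo.nx
   i:/O=IPA.ASENJO.NX/CN=Certificate Authority
 1 s:/O=IPA.ASENJO.NX/CN=Certificate Authority
   i:/O=IPA.ASENJO.NX/CN=Certificate Authority
---
    Verify return code: 0 (ok)
---
DONE
"""

def parse_s_client(output):
    """Return the verify code/text and the (subject, issuer) chain from s_client output."""
    result = {"verify_code": None, "verify_text": "", "chain": []}
    m = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", output)
    if m:
        result["verify_code"] = int(m.group(1))
        result["verify_text"] = m.group(2)
    subject = None
    for line in output.splitlines():
        line = line.strip()
        if re.match(r"^\d+ s:", line):          # " 0 s:<subject>" line of the chain
            subject = line.split("s:", 1)[1]
        elif line.startswith("i:") and subject is not None:  # matching issuer line
            result["chain"].append((subject, line[2:]))
            subject = None
    return result

def chain_anchored_by(result, ca_subject):
    """True only if verification succeeded AND the top of the chain is issued by our CA."""
    if result["verify_code"] != 0 or not result["chain"]:
        return False
    return result["chain"][-1][1] == ca_subject

def check_ldaps(host, cafile, port=636):
    """Live variant: fail the handshake on a bad chain and check the hostname too."""
    proc = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}", "-CAfile", cafile,
         "-verify_return_error", "-verify_hostname", host],
        input="", capture_output=True, text=True)
    return parse_s_client(proc.stdout)
```

`chain_anchored_by` catches the case where the handshake verifies because the system trust store already contains some other CA, which a bare "verify return code: 0" would not distinguish from a correct `/etc/ipa/ca.crt`.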