[LDAP-interop] Net::LDAPS -> Active Directory

Jeff Saxton jeff.saxton at sensage.com
Thu Mar 30 10:13:20 EST 2006


Thanks,

I don't know exactly how I got it to work, but I reinstalled 2003 and it started working. I noticed one other post where
the same thing happened. At this point I am speculating that you need to install M$ certificate services BEFORE
setting up AD.

Thanks for the info anyway.

Marcel de Riedmatten wrote:
> On Tuesday 28 March 2006 at 15:27 -0800, Jeff Saxton wrote:
> 
>>more notes, converted cert to PEM
>>
>>openssl x509 -inform DER -outform PEM -in file.crt -out file.pem
>>
>>[jsaxton at localhost AD]$ openssl s_client -connect adserver:636 -CAfile cert.pem -ssl3
>>CONNECTED(00000003)
>>8294:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
>>[jsaxton at localhost AD]$
>>
>>[jsaxton at localhost AD]$ openssl s_client -connect dhcp205:636 -CAfile cert.pem -ssl2
>>CONNECTED(00000003)
>>8302:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
>>
>>So it looks like the problem is with the cert?
>>
>>Should I take this to the openssl mailing list?
> 
> 
> Maybe, but are you aware of the extended key usage stuff for AD? See
> 
> http://www.smallworks.com/~jim/SISO/www.cybcon.com/~coert/linux/siso/
> 
> look for openssl.cnf under 6.1
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> LDAP-interop mailing list
> LDAP-interop at fini.net
> http://lists.fini.net/mailman/listinfo/ldap-interop

-- 
Jeff Saxton
SenSage, Inc.
55 Hawthorne Street Suite 700
San Francisco, CA 94105
Phone:  415.808.5900
Fax:    415.371.1385
Direct: 415-808-5921
Cell:   415-640-6392
mailto:support at sensage.com

Enterprise Security Analytics

SenSage, the leading provider of enterprise security analytics, offers
unparalleled performance and a scalable means for organizations to centrally
aggregate, efficiently analyze, dynamically monitor and cost-effectively
store massive volumes of event log data.

