SLES 11SP1 updated to SP2 LDAP::TLS/SSL problem



seweryns
26-Mar-2012, 23:13
Hello everybody,

Right after the update/migration to SP2, the LDAP browser says: SSL3_GET_CERTIFICATE certificate verify failed (self signed....)
Then I pointed LDAP_Client to the CA Certificate File: /etc/ssl/certs/YaST-CA.pem

Now I get {LDAP_Browser}: TLS: hostname does not match CN in peer certificate...

I do believe all the "problems" come from release SP2 {5.4.1. Stricter SSL Certificate Checks for LDAP Clients}

How do I solve this issue?

seweryns
27-Mar-2012, 21:31
rm -fR / && []<-RH

thx.

ab
27-Mar-2012, 22:01
Um........... I hope you didn't run that. If you did, I am guessing
you're saying that your fix was to rebuild the box from scratch, right?

Good luck.

seweryns
28-Mar-2012, 19:53
Yes, I did so... just left one production_box, and next time I will pay for different support :).
I know it's only a certificate problem, but how do I do it with YaST? I can't delete the current, not expired CA..

YaST is easy-going just one way, when you do it in a particular order, sequentially, close to the 'proposed' direction..
Recently I was struggling with the start-up/boot process: one of the services (nmb) was starting too early (before br0 is brought up). I haven't found the proper configuration to have it done.
I did it manually, but now you can't use insserv for this anymore...

The reseller carried out until I had paid for the license, no more; I couldn't even get a response regarding trial wee support,
so in future I'll stick to clear, straightforward things...

b.r.