[KLUG Members] Upgrade to RH 7.2
Dirk H Bartley
members@kalamazoolinux.org
Mon, 12 Nov 2001 10:30:38 -0500
Adam Williams wrote:
>
> >>Is slapd listening on both 389 and 636?
> >To my suprise, slapd is listening on port 636.
> >>Have you verified that your certificates are still OK? You did upgrade
> >>openssl in the process of upgrading RH7.2 (I assume). Possibly they
> >>moved a directory or changed some file permissions. They love to create
> >>new uids that services run as between versions; leaving previous configs
> >>not working because the server process no longer has rights to read the
> >>files.
> Try a
> openssl s_client -connect ldaphost:636 -showcerts
>
Here is a slightly edited version of the output from above command.
CONNECTED(00000003)
depth=0 /C=US/ST=MI/L=Kalamazoo/CN=netsrv
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=MI/L=Kalamazoo/CN=netsrv
verify return:1
---
Certificate chain
0 s:/C=US/ST=MI/L=Kalamazoo/CN=netsrv
i:/C=US/ST=MI/L=Kalamazoo/CN=netsrv
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=MI/L=Kalamazoo/CN=netsrv
issuer=/C=US/ST=MI/L=Kalamazoo/CN=netsrv
---
No client certificate CA names sent
---
SSL handshake has read 812 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 216835DCE64BA04E0E9539F9B1E686E0525400152C4C0A4E54F2F513C3B87232
Session-ID-ctx:
Master-Key:
Key-Arg : None
Start Time: 1005570768
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
And then it just kind of hangs without returning to the bash prompt.
Dirk