InterceptorF
New Member
389 handshake failure for SSL2, SSL3 and TLS1.2, and
636 fails for SSL2 and TLS1.2 but does connect on SSL3.
Question:
What does it take to create new certs and apply them for ports 389 and 636? < syntax?
Here is what I have
Any insight on getting the cert to be assigned to the 389 and 636 ports would be helpful - thanks
1. Create a private key:
root]# openssl genrsa -aes256 -out MayKey.key 2048
To review that key:
root]# cat MayKey.key
root]# openssl rsa -text -in MayKey.key
2. Create a certificate signing request (CSR):
root]# openssl req -new -key MayKey.key -out MayKey.csr
If you want a field to be empty, you must enter a single dot (.) on the line; don't simply hit Return. If you do, OpenSSL will populate the corresponding CSR field with the default value.
3. Self-sign the CSR:
root]# openssl x509 -req -days 365 -in MayKey.csr -signkey MayKey.key -out MayKey.crt
~~~~~~
So now when I look at the license for each port I see the certificates:
[root@CX-node1 stornext]# openssl s_client -connect 10.20.232.71:443
CONNECTED(00000003)
depth=0 C = US, ST = California, L = San Jose, O = StorNext Software, OU = Quantum Corp., CN = node-1.node-1
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = San Jose, O = StorNext Software, OU = Quantum Corp., CN = node-1.node-1
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Jose/O=StorNext Software/OU=Quantum Corp./CN=node-1.node-1
i:/C=US/ST=California/L=San Jose/O=StorNext Software/OU=Quantum Corp./CN=node-1.node-1
---
Server certificate
subject=/C=US/ST=California/L=San Jose/O=StorNext Software/OU=Quantum Corp./CN=node-1.node-1
issuer=/C=US/ST=California/L=San Jose/O=StorNext Software/OU=Quantum Corp./CN=node-1.node-1
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1419 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 5910B06AB0959E2E9B0824A94239E357A854E2C1A689D31F1C67EF4F461F5605
Session-ID-ctx:
Master-Key: 31465BC30E37F2F852BDE084D15696C15C622CC6324FAAFD984D03B9F071C7302287159691882FEA68A8C496288514FF
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1494265946
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
HEAD/ HTML/1.0
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Mon, 08 May 2017 17:54:50 GMT
Connection: close
0
closed
[root@CX-node1 stornext]#
[root@CX-node1 stornext]# clear
[root@CX-node1 stornext]# openssl s_client -connect 10.20.232.71:636
CONNECTED(00000003)
depth=1 CN = CAcert
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/DC=localdomain
i:/CN=CAcert
1 s:/CN=CAcert
i:/CN=CAcert
---
Server certificate
subject=/DC=localdomain
issuer=/CN=CAcert
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1205 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES128-SHA
Session-ID: 1EC5812437A5D92C5660BD0AE1BBBA4319F9E65160649D3CCAD326992BA79631
Session-ID-ctx:
Master-Key: 6873C6B143054330A02F24B250764E4F8D2F277DDF55CB3C96F8BD705A6D47D5CAF6B968BEC6A1C69F11C720A7FD6549
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1494266208
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
^C
[root@CX-node1 stornext]# openssl s_client -connect 10.20.232.71:389
CONNECTED(00000003)
140349418448712:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1494266279
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[root@CX-node1 stornext]#
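Added example, not part of the original post: a Python check over excerpts of the three `openssl s_client` transcripts above. It reports deprecated protocol versions, short server keys and verification errors, and treats the port 389 output as a failed handshake instead of trusting its `Verify return code: 0 (ok)` line. The names `audit` and `field`, the finding codes and the policy thresholds are assumptions of this example.

```python
import re

# Excerpts of the three `openssl s_client` transcripts posted above, keyed by port.
TRANSCRIPTS = {
    443: """SSL handshake has read 1419 bytes and written 415 bytes
Server public key is 2048 bit
Protocol : TLSv1.2
Verify return code: 18 (self signed certificate)""",
    636: """SSL handshake has read 1205 bytes and written 423 bytes
Server public key is 1024 bit
Protocol : TLSv1
Verify return code: 19 (self signed certificate in certificate chain)""",
    389: """140349418448712:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available
SSL handshake has read 0 bytes and written 289 bytes
Protocol : TLSv1.2
Verify return code: 0 (ok)""",
}

# Assumed policy for this example: protocol versions deprecated by RFC 6176,
# RFC 7568 and RFC 8996, and a 2048-bit minimum for RSA server keys.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_RSA_BITS = 2048


def field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1) if m else None


def audit(transcript):
    """Return short finding codes for one s_client transcript."""
    read = field(r"SSL handshake has read (\d+) bytes", transcript)
    if "no peer certificate available" in transcript or read == "0":
        # No handshake took place: the Protocol and "Verify return code: 0 (ok)"
        # lines that s_client still prints are placeholders, not results.
        return ["no-handshake"]
    findings = []
    proto = field(r"^\s*Protocol\s*:\s*(\S+)", transcript)
    if proto in DEPRECATED:
        findings.append("deprecated-protocol:" + proto)
    bits = field(r"Server public key is (\d+) bit", transcript)
    if bits and int(bits) < MIN_RSA_BITS:
        findings.append("weak-key:" + bits)
    code = field(r"Verify return code: (\d+)", transcript)
    if code not in (None, "0"):
        findings.append("verify-error:" + code)
    return findings


if __name__ == "__main__":
    for port, text in sorted(TRANSCRIPTS.items()):
        print(port, audit(text))
```

Port 389 is the plaintext LDAP port, where TLS is negotiated with the StartTLS operation after connecting, so a direct TLS ClientHello there gets no TLS reply. OpenSSL 1.1.1 and later can probe such a port with `s_client -starttls ldap`.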