Re: OpenSSL and OCS and Windows 2003 CA



On 14 Nov, 15:10, BoNes <eoinm...@xxxxxxxxx> wrote:
OpenSSL> s_client -connect applicationserver:5061 -cert d:\tlscert\sipccmscert.pem -CApath d:\tlscert\ -state
Loading 'screen' into random state - done
CONNECTED(00000084)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=IE/ST=Connaught/L=Galway/O=nortel/OU=sip/CN=serverx.ocstwo.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=IE/ST=Connaught/L=Galway/O=nortel/OU=sip/CN=serverx.ocstwo.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=IE/ST=Connaught/L=Galway/O=nortel/OU=sip/CN=serverx.ocstwo.com
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=IE/ST=Connaught/L=Galway/O=nortel/OU=sip/CN=serverx.ocstwo.com
i:/DC=com/DC=ocstwo/CN=ocstwo
---
Server certificate
-----BEGIN CERTIFICATE-----
<deleted by me>

-----END CERTIFICATE-----
subject=/C=IE/ST=Connaught/L=Galway/O=nortel/OU=sip/CN=serverx.ocstwo.com
issuer=/DC=com/DC=ocstwo/CN=ocstwo
---
No client certificate CA names sent
---
SSL handshake has read 1627 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: FF0B000086EC47DDC65394413EA53DD9349B0FBB51D0927A8A644CC78DFB76AC
Session-ID-ctx:
Master-Key: EBD3E560F715166AA7B389973E0792031047E28FEA6E0B1A6E320775C08EFBA3AE8CB701E6C436759B595F3880F57F0F
Key-Arg : None
Start Time: 1195052123
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---

Apologies if I am posting unnecessary info, very new to this and I
find it very slow going so far.

Sorry, deleted some info when editing.

I am running s_client on the application server itself, is this a
valid test or should I be trying this command on the OCS server?
