LDAP Linux LDAP TLS: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
| Строка 1: | Строка 1: | ||
=LDAP Шифрование= |
=LDAP Шифрование= |
||
* http://pro-ldap.ru/books/openldap-ubuntu-in-practice/tls.html |
* http://pro-ldap.ru/books/openldap-ubuntu-in-practice/tls.html |
||
| + | |||
| + | |||
| + | |||
| Строка 51: | Строка 54: | ||
tcp6 0 0 :::636 :::* LISTEN 6294/slapd |
tcp6 0 0 :::636 :::* LISTEN 6294/slapd |
||
tcp6 0 0 :::389 :::* LISTEN 6294/slapd |
tcp6 0 0 :::389 :::* LISTEN 6294/slapd |
||
| + | </PRE> |
||
| + | |||
| + | |||
| + | |||
| + | ==Проверка== |
||
| + | <PRE> |
||
| + | gnutls-cli -p 636 ldap1 -d 1 --print-cert --x509cafile /etc/ssl/certs/rootca.crt |
||
| + | </PRE> |
||
| + | <PRE> |
||
| + | Processed 1 CA certificate(s). |
||
| + | Resolving 'ldap1'... |
||
| + | Connecting to '10.20.0.3:636'... |
||
| + | - Certificate type: X.509 |
||
| + | - Got a certificate list of 2 certificates. |
||
| + | - Certificate[0] info: |
||
| + | - subject `C=UA,ST=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ldap1,EMAIL=mmaxur@mirantis.com', issuer `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', RSA key 4096 bits, signed using RSA-SHA256, activated `2016-05-26 10:25:31 UTC', expires `2026-05-24 10:25:31 UTC', SHA-1 fingerprint `c07f85c03b773984ed3c4df7530b4d2366f4dad6' |
||
| + | |||
| + | -----BEGIN CERTIFICATE----- |
||
| + | MIIGKjCCBBKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVB |
||
| + | MRAwDgYDVQQIDAdLaGFya292MRAwDgYDVQQHDAdLaGFya292MRQwEgYDVQQKDAtN |
||
| + | aXJhbnRpc0luYzEbMBkGA1UECwwSU2VydmljZXNEZXBhcnRtZW50MRIwEAYDVQQD |
||
| + | DAljYS1zZXJ2ZXIxIjAgBgkqhkiG9w0BCQEWE21tYXh1ckBtaXJhbnRpcy5jb20w |
||
| + | HhcNMTYwNTI2MTAyNTMxWhcNMjYwNTI0MTAyNTMxWjCBhjELMAkGA1UEBhMCVUEx |
||
| + | EDAOBgNVBAgMB0toYXJrb3YxFDASBgNVBAoMC01pcmFudGlzSW5jMRswGQYDVQQL |
||
| + | DBJTZXJ2aWNlc0RlcGFydG1lbnQxDjAMBgNVBAMMBWxkYXAxMSIwIAYJKoZIhvcN |
||
| + | AQkBFhNtbWF4dXJAbWlyYW50aXMuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A |
||
| + | MIICCgKCAgEA17ksfFHcbpLGQyJfvu4gfDhcmFQr4Le6UiLfefKugtaB4dX5c6Fd |
||
| + | 4h2EHWCtkrZAZiXvRnNavSxaU+VNLraFjpIILUbzbg/2uYYIPofy9RQzdqDJhnKj |
||
| + | 1avVPPH19YIfTWHP07Y/flH3Ac/QR2uiSFitJrjLU8LsjEXwLRYhewPukWrj5Uqa |
||
| + | oaCIUr91V0NMX6qKlJA/Ri9j3yI/P9UsvNjANDSiqI4EqKZkxsN+ck4eZAcjFUYR |
||
| + | vomu0LO7mPxHUekzJhN3Gl6Yt4meyH5fP3HnHOYk93hKL78hewZ2riEv7Nwwg+zy |
||
| + | Hb0RG9Mfx0Yz6it/fwT3obycWXhBab2FgLW5K1yYiqLo1oVfl80MO5ZNsNK4WMcy |
||
| + | qQx60i2qLT48+uC6LgUOzhFWjTlTMsEOgj35EJn3rsjUUJpdtA6SiXJpE6lVFoRu |
||
| + | ACt+Iwqu7Dq9QuJKeYcGmWsatMPkpeWz93pV1TT2rtdABJgeiIKDtJWu8Oh2Y/NV |
||
| + | vwqAghprjO84Vlxqq9xkXX8YvRRN8bwLSWlyCj2QDcRhLjDTeGqk0qUuV+nNfOBh |
||
| + | bJ6MX3IhOhu55VjzFdGcOd/cZzg+yGugPFsT2WXDp1sxROGf3MLhBbymG2egh98k |
||
| + | qFzTAM2DXGB8ZkfxEuaRW3rNA3Fjg2kElKP+6GaUYtEj4MTbuoppBBsCAwEAAaOB |
||
| + | iTCBhjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAsBglghkgBhvhCAQ0EHxYdT3Bl |
||
| + | blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFpPbsihmyodcQkK |
||
| + | ii7/IArfCH8sMB8GA1UdIwQYMBaAFP5rBQIiPdv/ZXeLeTPV2KJ1JR8iMA0GCSqG |
||
| + | SIb3DQEBCwUAA4ICAQCdfkpuE69mGfQwLe2kHEA45TPjogOalPp8H73dqLDxE80T |
||
| + | s1W5XyJBZQccpVFoXS25M9fDeWjuvMTwdIP6q6DDArC1lVs0zdAOhTt6POpI7Cvu |
||
| + | zrBM/wa6YUVZtXSM4Qtw4tE3Nx71s9Tp2jVra75RvjQrUnISwPfop3zapzCpTqEQ |
||
| + | zvrl5Vsfd0AMmN1RKoFdYQr6LX7nInf029a8IBOCXzv6Ufd3NwxxelKkO2U49XYo |
||
| + | tFycxyDzo/B//cS8b8a7fu3yysP8W5b3oNgE6Tth1vR3zLy4uiwpIi6ptYBUlkG+ |
||
| + | gqIXzqI+2MIyYWaA3UXIfRhi7j3CENGIA1TAAPSvfFnolYiFSXiY28b6P2nyl8WC |
||
| + | xCySbdZtGh+fvxeP+cNl1VMDEmU94XDIgA7Nl5yacPLY4GwKnjAkfyp4uL9dYvJV |
||
| + | 1wKgzYohF1Elm6YiPa2Wv1fuMNkT9iZ0DMyLV4ixxkKkuuCXCLKXmg4REQPsnE6V |
||
| + | Eu/tQ6mfUugO6+d1ZkI/iAc0cjNtjrOKhS/Fsb49UWThjM+pyOFVO0hMybKYBwZL |
||
| + | 1JDiwSM1uYts3TUxLBNb4SXeYoqZRFoFJiP14yjw9j0nuU1Au7ginFf0IYYq2VHI |
||
| + | M7woolzYH+/vlOK+5aQrgcsanCy/7s4prux4IRTx5SGzqW+idA2UW26+5WyKbg== |
||
| + | -----END CERTIFICATE----- |
||
| + | |||
| + | - Certificate[1] info: |
||
| + | - subject `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', issuer `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', RSA key 4096 bits, signed using RSA-SHA256, activated `2016-05-26 10:16:07 UTC', expires `2026-05-24 10:16:07 UTC', SHA-1 fingerprint `0f74fdaf2195ae2b1f599e3963e3b18970cb81a3' |
||
| + | |||
| + | -----BEGIN CERTIFICATE----- |
||
| + | MIIGGjCCBAKgAwIBAgIJAN1rpxx3AA9AMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD |
||
| + | VQQGEwJVQTEQMA4GA1UECAwHS2hhcmtvdjEQMA4GA1UEBwwHS2hhcmtvdjEUMBIG |
||
| + | A1UECgwLTWlyYW50aXNJbmMxGzAZBgNVBAsMElNlcnZpY2VzRGVwYXJ0bWVudDES |
||
| + | MBAGA1UEAwwJY2Etc2VydmVyMSIwIAYJKoZIhvcNAQkBFhNtbWF4dXJAbWlyYW50 |
||
| + | aXMuY29tMB4XDTE2MDUyNjEwMTYwN1oXDTI2MDUyNDEwMTYwN1owgZwxCzAJBgNV |
||
| + | BAYTAlVBMRAwDgYDVQQIDAdLaGFya292MRAwDgYDVQQHDAdLaGFya292MRQwEgYD |
||
| + | VQQKDAtNaXJhbnRpc0luYzEbMBkGA1UECwwSU2VydmljZXNEZXBhcnRtZW50MRIw |
||
| + | EAYDVQQDDAljYS1zZXJ2ZXIxIjAgBgkqhkiG9w0BCQEWE21tYXh1ckBtaXJhbnRp |
||
| + | cy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCuZEMVa87WGQJl |
||
| + | 1foQGNt4Qh/CWcggjjIqn8IYSPPtqn3YAxvUnubA+DQxkH7PNYR6G9PdNgQon2mV |
||
| + | xvwVFL6YouDkPtEO101B3vM28U3vEEOSLUcign+2XqzKf7lqyXzMK7/wk+iubAfH |
||
| + | hVhXosC+TSwH+eywO1lo2vbOZkf93ZiURDEZfixcMLuYMM8xdOeWeWtnQIA7D8QF |
||
| + | E5wADWXaYpMlmZzHmmtx76l5BGZL75pG0YkAexllu5idlqADhN77xGM69ZSV/pYJ |
||
| + | apMRhy4z0e17UzEbGWgv6OnUNhwGhOCgyIRk7PTKyjU+mxh3qdoNaqNt7Jj60EB7 |
||
| + | dvzHeosrizcYaFwaqbBxVRMKJOcNYh7ZYlyrdexa9Wau3xf0NFvyBZ8rvsBv9Ax+ |
||
| + | xuRCq2uVGc3rQHZzkwocquAgACY+1GpxFtpNUBhvmi25TUbm8OkAq7lYpf2sptJH |
||
| + | ReZf4EdHhWuHLI93X5Pm6cb0uE+85kuJPNGMprcwvWM5QiT1N56LAVKiApZTSqo8 |
||
| + | bcuJZs+nXI4IrYRXjCn75E0LLRpVLXc7+vfKHgHClL9/bhOxcOdwyXejnDQVzWe4 |
||
| + | 5JvwzLtL3/4KDiTLjG4foJztosxn92cAJAp30cdUalf7QkEFqp5RCvRY2vFVosM5 |
||
| + | 0Vu3bicGcyucHyxigxWP44qpaJe9WwIDAQABo10wWzAdBgNVHQ4EFgQU/msFAiI9 |
||
| + | 2/9ld4t5M9XYonUlHyIwHwYDVR0jBBgwFoAU/msFAiI92/9ld4t5M9XYonUlHyIw |
||
| + | DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHMZ |
||
| + | 609hm52CYxouUnvH+timAgiqbVv8QCb6IzgM5uRNejlxTzj63RBFvxC6n2UPqBpj |
||
| + | yGtYuwpO249e+sD01ZS0r4B69a3yBePH6Ay4leqfStuqc9dcyamK7lQk8PAsF4wv |
||
| + | yrywNpgGbecDReHJPrOmc5nQw3AlhwcwceHHS7mqaS+SWj1md97saD8uqHK0O5vu |
||
| + | PFlJUKiztQqR2PMPWiKw+Pjri+RAXHj4TCxjPt5Z0wSR+xP/YE1MymvegPUrZ7/7 |
||
| + | rFWuqfHDVLh7IA16q+h1xU+FMnVdiPigEJ+Omn6dDfqHD9BBcKOUFYOJiXtG4TDc |
||
| + | tX401kpG1Qm00kS3XtveQgGPF1OWNLyyDr1dDy8/B+77W1yli/VbzK6H4jwrVGy7 |
||
| + | EAEzpfbwRJnSIIUczG8//1G6a5yrpcjohKhWY1uBrv56LJdq16OVN3aK5nacMKmQ |
||
| + | p+YpPu/ZT5LVUOzt8I32Q8i1Tn9YZma7vEftvGCZKVcgqlVIpb3P7/7dyRXoMuFD |
||
| + | bErDIDxScMvg82Vg2JF4NzaOp+CXRAYuXbel5anoFOt7FFfnO2w0/aLQpAT+jpze |
||
| + | qcL37IGyCGxOloej7NkdQsX9eJJNIdy5oLjniJ8/d402A0zziPdfrqa0c3FpGukZ |
||
| + | syWlWH0RCerDgVmq+i6l5zGbtx/tKPpLYcJkAetJ |
||
| + | -----END CERTIFICATE----- |
||
| + | |||
| + | - The hostname in the certificate matches 'ldap1'. |
||
| + | - Peer's certificate is trusted |
||
| + | - Version: TLS1.2 |
||
| + | - Key Exchange: RSA |
||
| + | - Cipher: AES-128-CBC |
||
| + | - MAC: SHA1 |
||
| + | - Compression: NULL |
||
| + | - Handshake was completed |
||
| + | |||
| + | - Simple Client Mode: |
||
</PRE> |
</PRE> |
||
Версия 12:57, 26 мая 2016
LDAP Шифрование
\ldapmodify -Y EXTERNAL -H ldapi:/// < 01_certs.ldif
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config"
\ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -s base
Вывод:
# config dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/run/slapd/slapd.args olcLogLevel: none olcPidFile: /var/run/slapd/slapd.pid olcToolThreads: 1 olcTLSVerifyClient: never olcTLSCertificateFile: /etc/ldap/ssl/ldap-srv.example.com.crt olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap-srv.example.com.key olcTLSCACertificateFile: /etc/ssl/certs/rootca.crt
root@node-3:/etc/ldap# netstat -ntpl | grep slap tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 2875/slapd tcp6 0 0 :::389 :::* LISTEN 2875/slapd
# /etc/init.d/slapd restart * Stopping OpenLDAP slapd [ OK ] * Starting OpenLDAP slapd [ OK ]
# netstat -ntpl | grep slap tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 6294/slapd tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 6294/slapd tcp6 0 0 :::636 :::* LISTEN 6294/slapd tcp6 0 0 :::389 :::* LISTEN 6294/slapd
Проверка
gnutls-cli -p 636 ldap1 -d 1 --print-cert --x509cafile /etc/ssl/certs/rootca.crt
Processed 1 CA certificate(s). Resolving 'ldap1'... Connecting to '10.20.0.3:636'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=UA,ST=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ldap1,EMAIL=mmaxur@mirantis.com', issuer `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', RSA key 4096 bits, signed using RSA-SHA256, activated `2016-05-26 10:25:31 UTC', expires `2026-05-24 10:25:31 UTC', SHA-1 fingerprint `c07f85c03b773984ed3c4df7530b4d2366f4dad6' -----BEGIN CERTIFICATE----- MIIGKjCCBBKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVB MRAwDgYDVQQIDAdLaGFya292MRAwDgYDVQQHDAdLaGFya292MRQwEgYDVQQKDAtN aXJhbnRpc0luYzEbMBkGA1UECwwSU2VydmljZXNEZXBhcnRtZW50MRIwEAYDVQQD DAljYS1zZXJ2ZXIxIjAgBgkqhkiG9w0BCQEWE21tYXh1ckBtaXJhbnRpcy5jb20w HhcNMTYwNTI2MTAyNTMxWhcNMjYwNTI0MTAyNTMxWjCBhjELMAkGA1UEBhMCVUEx EDAOBgNVBAgMB0toYXJrb3YxFDASBgNVBAoMC01pcmFudGlzSW5jMRswGQYDVQQL DBJTZXJ2aWNlc0RlcGFydG1lbnQxDjAMBgNVBAMMBWxkYXAxMSIwIAYJKoZIhvcN AQkBFhNtbWF4dXJAbWlyYW50aXMuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEA17ksfFHcbpLGQyJfvu4gfDhcmFQr4Le6UiLfefKugtaB4dX5c6Fd 4h2EHWCtkrZAZiXvRnNavSxaU+VNLraFjpIILUbzbg/2uYYIPofy9RQzdqDJhnKj 1avVPPH19YIfTWHP07Y/flH3Ac/QR2uiSFitJrjLU8LsjEXwLRYhewPukWrj5Uqa oaCIUr91V0NMX6qKlJA/Ri9j3yI/P9UsvNjANDSiqI4EqKZkxsN+ck4eZAcjFUYR vomu0LO7mPxHUekzJhN3Gl6Yt4meyH5fP3HnHOYk93hKL78hewZ2riEv7Nwwg+zy Hb0RG9Mfx0Yz6it/fwT3obycWXhBab2FgLW5K1yYiqLo1oVfl80MO5ZNsNK4WMcy qQx60i2qLT48+uC6LgUOzhFWjTlTMsEOgj35EJn3rsjUUJpdtA6SiXJpE6lVFoRu ACt+Iwqu7Dq9QuJKeYcGmWsatMPkpeWz93pV1TT2rtdABJgeiIKDtJWu8Oh2Y/NV vwqAghprjO84Vlxqq9xkXX8YvRRN8bwLSWlyCj2QDcRhLjDTeGqk0qUuV+nNfOBh bJ6MX3IhOhu55VjzFdGcOd/cZzg+yGugPFsT2WXDp1sxROGf3MLhBbymG2egh98k qFzTAM2DXGB8ZkfxEuaRW3rNA3Fjg2kElKP+6GaUYtEj4MTbuoppBBsCAwEAAaOB iTCBhjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAsBglghkgBhvhCAQ0EHxYdT3Bl blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFpPbsihmyodcQkK ii7/IArfCH8sMB8GA1UdIwQYMBaAFP5rBQIiPdv/ZXeLeTPV2KJ1JR8iMA0GCSqG SIb3DQEBCwUAA4ICAQCdfkpuE69mGfQwLe2kHEA45TPjogOalPp8H73dqLDxE80T s1W5XyJBZQccpVFoXS25M9fDeWjuvMTwdIP6q6DDArC1lVs0zdAOhTt6POpI7Cvu zrBM/wa6YUVZtXSM4Qtw4tE3Nx71s9Tp2jVra75RvjQrUnISwPfop3zapzCpTqEQ zvrl5Vsfd0AMmN1RKoFdYQr6LX7nInf029a8IBOCXzv6Ufd3NwxxelKkO2U49XYo tFycxyDzo/B//cS8b8a7fu3yysP8W5b3oNgE6Tth1vR3zLy4uiwpIi6ptYBUlkG+ gqIXzqI+2MIyYWaA3UXIfRhi7j3CENGIA1TAAPSvfFnolYiFSXiY28b6P2nyl8WC xCySbdZtGh+fvxeP+cNl1VMDEmU94XDIgA7Nl5yacPLY4GwKnjAkfyp4uL9dYvJV 1wKgzYohF1Elm6YiPa2Wv1fuMNkT9iZ0DMyLV4ixxkKkuuCXCLKXmg4REQPsnE6V Eu/tQ6mfUugO6+d1ZkI/iAc0cjNtjrOKhS/Fsb49UWThjM+pyOFVO0hMybKYBwZL 1JDiwSM1uYts3TUxLBNb4SXeYoqZRFoFJiP14yjw9j0nuU1Au7ginFf0IYYq2VHI M7woolzYH+/vlOK+5aQrgcsanCy/7s4prux4IRTx5SGzqW+idA2UW26+5WyKbg== -----END CERTIFICATE----- - Certificate[1] info: - subject `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', issuer `C=UA,ST=Kharkov,L=Kharkov,O=MirantisInc,OU=ServicesDepartment,CN=ca-server,EMAIL=mmaxur@mirantis.com', RSA key 4096 bits, signed using RSA-SHA256, activated `2016-05-26 10:16:07 UTC', expires `2026-05-24 10:16:07 UTC', SHA-1 fingerprint `0f74fdaf2195ae2b1f599e3963e3b18970cb81a3' -----BEGIN CERTIFICATE----- MIIGGjCCBAKgAwIBAgIJAN1rpxx3AA9AMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD VQQGEwJVQTEQMA4GA1UECAwHS2hhcmtvdjEQMA4GA1UEBwwHS2hhcmtvdjEUMBIG A1UECgwLTWlyYW50aXNJbmMxGzAZBgNVBAsMElNlcnZpY2VzRGVwYXJ0bWVudDES MBAGA1UEAwwJY2Etc2VydmVyMSIwIAYJKoZIhvcNAQkBFhNtbWF4dXJAbWlyYW50 aXMuY29tMB4XDTE2MDUyNjEwMTYwN1oXDTI2MDUyNDEwMTYwN1owgZwxCzAJBgNV BAYTAlVBMRAwDgYDVQQIDAdLaGFya292MRAwDgYDVQQHDAdLaGFya292MRQwEgYD VQQKDAtNaXJhbnRpc0luYzEbMBkGA1UECwwSU2VydmljZXNEZXBhcnRtZW50MRIw EAYDVQQDDAljYS1zZXJ2ZXIxIjAgBgkqhkiG9w0BCQEWE21tYXh1ckBtaXJhbnRp cy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCuZEMVa87WGQJl 1foQGNt4Qh/CWcggjjIqn8IYSPPtqn3YAxvUnubA+DQxkH7PNYR6G9PdNgQon2mV xvwVFL6YouDkPtEO101B3vM28U3vEEOSLUcign+2XqzKf7lqyXzMK7/wk+iubAfH hVhXosC+TSwH+eywO1lo2vbOZkf93ZiURDEZfixcMLuYMM8xdOeWeWtnQIA7D8QF E5wADWXaYpMlmZzHmmtx76l5BGZL75pG0YkAexllu5idlqADhN77xGM69ZSV/pYJ apMRhy4z0e17UzEbGWgv6OnUNhwGhOCgyIRk7PTKyjU+mxh3qdoNaqNt7Jj60EB7 dvzHeosrizcYaFwaqbBxVRMKJOcNYh7ZYlyrdexa9Wau3xf0NFvyBZ8rvsBv9Ax+ xuRCq2uVGc3rQHZzkwocquAgACY+1GpxFtpNUBhvmi25TUbm8OkAq7lYpf2sptJH ReZf4EdHhWuHLI93X5Pm6cb0uE+85kuJPNGMprcwvWM5QiT1N56LAVKiApZTSqo8 bcuJZs+nXI4IrYRXjCn75E0LLRpVLXc7+vfKHgHClL9/bhOxcOdwyXejnDQVzWe4 5JvwzLtL3/4KDiTLjG4foJztosxn92cAJAp30cdUalf7QkEFqp5RCvRY2vFVosM5 0Vu3bicGcyucHyxigxWP44qpaJe9WwIDAQABo10wWzAdBgNVHQ4EFgQU/msFAiI9 2/9ld4t5M9XYonUlHyIwHwYDVR0jBBgwFoAU/msFAiI92/9ld4t5M9XYonUlHyIw DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHMZ 609hm52CYxouUnvH+timAgiqbVv8QCb6IzgM5uRNejlxTzj63RBFvxC6n2UPqBpj yGtYuwpO249e+sD01ZS0r4B69a3yBePH6Ay4leqfStuqc9dcyamK7lQk8PAsF4wv yrywNpgGbecDReHJPrOmc5nQw3AlhwcwceHHS7mqaS+SWj1md97saD8uqHK0O5vu PFlJUKiztQqR2PMPWiKw+Pjri+RAXHj4TCxjPt5Z0wSR+xP/YE1MymvegPUrZ7/7 rFWuqfHDVLh7IA16q+h1xU+FMnVdiPigEJ+Omn6dDfqHD9BBcKOUFYOJiXtG4TDc tX401kpG1Qm00kS3XtveQgGPF1OWNLyyDr1dDy8/B+77W1yli/VbzK6H4jwrVGy7 EAEzpfbwRJnSIIUczG8//1G6a5yrpcjohKhWY1uBrv56LJdq16OVN3aK5nacMKmQ p+YpPu/ZT5LVUOzt8I32Q8i1Tn9YZma7vEftvGCZKVcgqlVIpb3P7/7dyRXoMuFD bErDIDxScMvg82Vg2JF4NzaOp+CXRAYuXbel5anoFOt7FFfnO2w0/aLQpAT+jpze qcL37IGyCGxOloej7NkdQsX9eJJNIdy5oLjniJ8/d402A0zziPdfrqa0c3FpGukZ syWlWH0RCerDgVmq+i6l5zGbtx/tKPpLYcJkAetJ -----END CERTIFICATE----- - The hostname in the certificate matches 'ldap1'. - Peer's certificate is trusted - Version: TLS1.2 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode:
