
Troubleshoot SSL handshake for LDAPS protocol

I have a situation where an Apache web server tries to connect to a remote Windows 2016 LDAP via SSL. I have access only to the Linux machine on which the Apache server is situated. There are no Apache logs on the error, but when I try to access the remote LDAP via LDAPS with wget, I get an error 500. When I disable LDAPS and use only LDAP, all connections are OK.

So, my question is: how can I troubleshoot the SSL handshake on the remote machine, since I do not have access to it? I use W10 and connect to the Linux machine via PuTTY.

Thanks in advance for your time and attention.

ssl

If you really want to "troubleshoot the SSL handshake" you can do it by simply capturing the Linux machine's traffic, with tcpdump, dumpcap or whatever.

It seems quite likely that the problem is either before or after it, though (firewall, service disabled, whatever - I don't really know anything about LDAPS on Windows Server - but you haven't really asked about that).

If the handshake really occurs and succeeds, of course the succeeding traffic will be encrypted. Here there seem to be instructions to dump the keys that would allow you to decrypt it, if you're connecting from an Apache server (which uses OpenSSL).

Keep in mind that if you can reach (remotely) the Windows Server machine without passing through the Linux server, it would most likely be more convenient to carry out at least the first steps of the troubleshooting from your own local machine.

    • gbr, you are correct. I played a little today and indeed the tcpdump did the job. I extracted the info to a file which can be easily read with Wireshark.
    • Ok, and indeed I answered your proper question, but I reckon this wasn't enough to find out what was the problem with LDAPS, right?
    • For now it seems that it is some kind of mismatch between the ciphers; I will write back once I know what it is for sure. But in order for this to happen I will need to put one of the production nodes offline and do some more tests and troubleshooting. This will happen in a few days.
    • Ok. If you will need more help though it will probably be better to post a separate question, at this point (and maybe just add a link to it here). Good luck with your problem
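
What to look for in the server's reply once the capture suggested above is in hand, as an added example that is not part of the original thread: a Python parser that reads the raw bytes the server sent after the ClientHello and reports either the ServerHello's chosen cipher suite or the plaintext alert. The function names are hypothetical and the sample bytes are constructed; it assumes the server-to-client bytes were exported from the capture (for example as a raw TCP stream from Wireshark).

```python
import struct

# TLS record types and the alerts most often seen when a handshake fails (RFC 5246).
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

# Constructed samples of a server's first bytes after the ClientHello (not from a real capture).
SAMPLE_ALERT = bytes.fromhex("15030300020228")  # alert record: fatal (2), handshake_failure (40)
SAMPLE_SERVER_HELLO = bytes.fromhex(
    "160303002a" + "02000026" + "0303" + "00" * 32 + "00" + "c030" + "00")


def parse_records(stream: bytes):
    """Split a raw TCP payload into (content_type, version, payload) TLS records."""
    pos, records = 0, []
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype not in RECORD_TYPES or pos + 5 + length > len(stream):
            break  # not TLS, or the capture was truncated mid-record
        records.append((ctype, version, stream[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return records


def summarize_server_flight(stream: bytes):
    """Describe what the server answered to the ClientHello."""
    findings = []
    for ctype, _version, payload in parse_records(stream):
        if ctype == 21 and len(payload) >= 2:
            level = "fatal" if payload[0] == 2 else "warning"
            findings.append(("alert", level, ALERTS.get(payload[1], f"alert_{payload[1]}")))
        elif ctype == 22 and len(payload) >= 4 and payload[0] == 2:  # ServerHello
            body = payload[4:]  # legacy_version(2) random(32) sid_len(1) sid suite(2) ...
            if len(body) < 35 or len(body) < 37 + body[34]:
                continue  # ServerHello split across records or truncated
            (legacy,) = struct.unpack_from("!H", body, 0)  # TLS 1.3 also reports 0x0303 here
            (suite,) = struct.unpack_from("!H", body, 35 + body[34])
            findings.append(("server_hello", VERSIONS.get(legacy, hex(legacy)), f"0x{suite:04X}"))
    return findings


if __name__ == "__main__":
    print(summarize_server_flight(SAMPLE_ALERT))
    print(summarize_server_flight(SAMPLE_SERVER_HELLO))
```

A fatal `handshake_failure` or `protocol_version` alert right after the ClientHello means the two sides could not agree on security parameters such as a cipher suite or protocol version. An empty result means the server sent no TLS record at all, for example because the connection was closed or reset.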
