Thanks for your help, here is the output:
teilchen01:~# gnutls-cli -p 636 thea.physik.uni-kl.de -d 1 --print-cert --x509cafile /etc/ssl/certs/thea_cacert.pem Processed 1 CA certificate(s). Resolving 'thea.physik.uni-kl.de'... Connecting to '131.246.123.113:636'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: -----BEGIN CERTIFICATE----- MIIC7DCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5 MTExMDUyMDdaFw0xODA5MDkxMDUyMDdaMIGTMQswCQYDVQQGEwJERTEMMAoGA1UE CBMDUkxQMRcwFQYDVQQHEw5LYWlzZXJzbGF1dGVybjEgMB4GA1UEChMXVGVjaG5p c2NoZSBVbml2ZXJzaXRhZXQxGzAZBgNVBAsTEkZhY2hiZXJlaWNoIFBoeXNpazEe MBwGA1UEAxMVdGhlYS5waHlzaWsudW5pLWtsLmRlMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQC/gTUrXSeNvuRH+ibdR7zvlCGs+66C6tDaq14SpEDiY/FEw/S4 mkhsHohiQkmqpcPJ0FONok7bvJryKZwwhGFHeESvvWjFVNIdxFgf6Jx2McKsRzBD nbgVNeK6bywh2L5WgOeckRm0vUxCwX+jWtETorNHSYnZI9smmBtJ1FIPkQIDAQAB o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS0IiRshnnlH2bneYeCn6OkY9nZAwHwYD VR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQADgYEA g0f6XFxpUL2hncpQcnKorNYdOkZkZHiKqu2SINtla+IbLZFO4nVVO+LKt+RCo2o7 tZIMLEU3aCeH5dgSEKQeyL5MPMg3MbA6ezjOBTkT/YgngzM4CMLOKcvAMLncfH/z GYBW1DXijIy1r/SxO0k9zy8OEtKeOOUO0GqQTWuTOOg= -----END CERTIFICATE----- # The hostname in the certificate matches 'thea.physik.uni-kl.de'. # valid since: Thu Sep 11 12:52:07 CEST 2008 # expires at: Sun Sep 9 12:52:07 CEST 2018 # fingerprint: 20:8B:D5:F0:F6:08:AC:34:9D:13:5B:89:98:5B:D1:63 # Subject's DN: C=DE,ST=RLP,L=Kaiserslautern,O=Technische Universitaet,OU=Fachbereich Physik,CN=thea.physik.uni-kl.de # Issuer's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA - Certificate[1] info: -----BEGIN CERTIFICATE----- MIICvzCCAiigAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5 MTExMDQ3NDRaFw0xODA5MDkxMDQ3NDRaMGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQI EwNSTFAxIDAeBgNVBAoTF1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0MRswGQYDVQQL ExJGYWNoYmVyZWljaCBQaHlzaWsxCzAJBgNVBAMTAkNBMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC76RbqsB5J+VvU1KbBCrkIL3lgY8BxgFvYF3HiHgxtCdqq BmRpAaDBcVAuEb1ihhP68181sYQ1UPMY+zwBwXVNSVvjeBba1JjGmagwPnJXOCay 7Cw5orY8KB7U33neEOGrlz1EKQGVaPsr993wGD/7AmntuVuxrRVpzoDP5s0PIwID AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+rCwSUUzK53X9W5otZG4okyY/rsw HwYDVR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQAD gYEAUT+LmosiDHGuLAZmY40obam0eexJzn/g++mDy3FMh3WmMBKSsfwFsFsQ4k7N lv1SCfTYeh2hpw/DQzkiYZUkcQI4mBR4hG5Zv56AfYQLGeLtN4VOOCMxguftvzv0 kziQa2QW+VzVJqV1gpRCRT30Jaa9s4u6ipO9DT5N03F4CcI= -----END CERTIFICATE----- # valid since: Thu Sep 11 12:47:44 CEST 2008 # expires at: Sun Sep 9 12:47:44 CEST 2018 # fingerprint: 6E:77:06:02:15:27:B6:B7:A8:67:B4:BF:60:56:64:83 # Subject's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA # Issuer's DN: C=DE,ST=RLP,O=Technische Universitaet,OU=Fachbereich Physik,CN=CA - Peer's certificate is NOT trusted - Version: TLS1.0 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL *** Verifying server certificate failed... - Stefan Simon Josefsson schrieb: > Stefan Söffing <[EMAIL PROTECTED]> writes: > > >> Hi, >> >> thank you for looking into this problem. >> >> I just tried libgnutls26 2.4.2-4, unfortunately it doesn't solve this >> problem for me, I still get >> >> - Peer's certificate is NOT trusted >> >> for the self-signed certificate. LDAP access is still broken. >> > > I need the (complete) output from gnutls-cli as requested earlier in > this thread to debug this. I can't connect to the server, it seems to > disconnect directly. > > Thanks, > /Simon > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
