Ping a Specific Port

Question

Patel95

Asked: 2013-01-24 23:30:27 +0800 CST2013-01-24 23:30:27 +0800 CST 2013-01-24 23:30:27 +0800 CST

LDAP expired SSL certificate

772

The SLL certificate on the LDAP server expired recently, making it impossible to ssh into other Linux machines who relay strictly on LDAP.

Being a self-signed certificate, my understanding is that it cannot be renewed.

Knowing that I need to generate a new certificate, any ideas on how can that certificate be transferred on client machines when no remote authentication is possible because the old SSL is already expired?

1 Answers

Voted

fuero · Answer 1 · 2013-01-24T23:43:47+08:00

fuero

2013-01-24T23:43:47+08:002013-01-24T23:43:47+08:00

You can retrieve the certificate on the client with

openssl s_client -CApath /etc/ssl/certs -verify 10 \
    -connect '<host>:<port>' 2>&1 < /dev/zero | \
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
    > foo.pem

foo.pem can then be put in the client's trust store.

I'd suggest using a certificate signed by a CA though, even if it is your own CA (easily managed with TinyCA).

The main advantage is that you can import the CA root certificate and don't have to worry about trusting host certificates anymore.

3

LDAP expired SSL certificate

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?