This article was previously published on the UPKI Initiative site.


[upki-odcert:60] Re: How to install certificates on FirePass 1200, OpenLDAP and Cisco ASA 5520



Nishimura […] I tried changing the certificate in various ways
and tested the results.

1) With the SECOM RootCA specified as the CA certificate
2) With the NII certificate specified
3) With both concatenated
4) With a completely unrelated certificate specified
I am attaching the ldapsearch and s_client command results for these cases.


For the s_client command, I added the -CAfile argument
to specify the certificate file.

1) Succeeds for the whole chain
2) Fails at depth 1
3) Succeeds for the whole chain
4) Fails at depth 1

I have ended up rather confused, but
the behaviour looks as if even the LDAP server […] certificate
is being sent to us.

By the way, the LDAP server […] as long as even the upper-level certificate is reliably […]
> […] This is Nishimura. Thank you for your help.
> 
> Sorry for the late reply. So that was not it; that is a pity.
> 
> > For OpenLDAP, if you only […] ldaps:, the […] certificate is not needed.
> > It seems you only need to specify the server certificate in
> > TLSCertificateFile and TLSCertificateKeyFile.
> 
> If neither the server nor the client knows the intermediate CA certificate,
> I would not expect certificate verification to succeed at all, so I cannot
> imagine what mechanism is at work. To narrow it down,
> $ openssl s_client -connect LDAPS-server-hostname:port < /dev/null
> […] Details are also described at the following URL.
> https://upki-portal.nii.ac.jp/ml-archives/upki-odcert/msg00024.html
> 
> > (for starting slapd with ldaps […]
> > it may be used when performing […] authentication, but I have no experience with that.
> 
> Yes, I am sure TLSCACertificateFile is for describing, at SSL client
> authentication time, the issuer (certificate authority) of the […] certificate.
> 
> 
> (2010/11/12 9:18), xxxxxx@xxxxxxxxxxxxx wrote:
> > Nishimura […] how the intermediate CA certificate (nii-odca2.crt) is
> >> configured in slapd.conf in the […] case, and whether there are any other changes,
> >> I would be grateful if you could tell me so that I can add them.
> > 
> > My apologies. Our environment is
> > Red Hat Enterprise Linux Server release 5.5
> > and the openssl 0.9.8e included with it.
> > 
> > For OpenLDAP, if you only […] ldaps:, the […] certificate is not needed.
> > It seems you only need to specify the server certificate in
> > TLSCertificateFile and TLSCertificateKeyFile.
> > (for starting slapd with ldaps […] certificate is required, and when running ldapsearch and the like,
> > the CA certificates to use in the file specified by TLS_CACERT
> > (when the multiple LDAP servers you access each have certificates
> > signed by a different CA) can simply be concatenated in any order.
> > When there is a certificate chain, the manual appeared to say that every certificate,
> > intermediate certificates included, is required, but only the […] certificate was needed and the intermediate CA certificate was not.
> > For NII certificates, the SECOM root CA, SCRoot1ca.cer, is required.
> > On the other hand, care is needed when using TLS_CACERTDIR:
> > the certificate files' […] As for the purpose of the […] certificate TLSCACertificateFile,
> > I do not really understand it. Consequently, I also do not really understand
> > how the intermediate CA certificate is used.
> > What is the server […] certificate used for?
> > I thought it was used for the LDAP database backend or referral(?),
> > but that does not seem to be the case, so I am puzzled (???).
> > As Nishimura-san suggested, I also tried
> > setting TLSVerifyClient to try or demand,
> > but then I could no longer connect at all;
> > it seems this is for client authentication and
> > is not used for authenticating the second LDAP server sitting behind.
> > TLSCACertificateFile may also be used when
> > authenticating clients, but I have no experience with that.
> > I may also be completely mistaken.
> > 
> >> Also, to confirm: is the ldaps server behind it using a private
> >> certificate? If it is a public one, I thought it possible that the
> >> default ca-bundle.crt is referenced when TLSCACertificateFile
> >> is not specified.
> > When I tried it, the LDAP server behind it was indeed using an NII certificate,
> > but even when I connected to it directly with ldapsearch it would not connect with the defaults,
> > so I find it hard to believe that ca-bundle.crt is being consulted.
> > slapd itself might consult it, though...
> > Next time I will test with a self-signed certificate.
> > 
> > 
> > Manabe
> > 
> > Takeshi NISHIMURA<xxxxxxx@xxxxxxxxx> wrote:
> >> Dear Manabe-san of KEK,
> >> This is Nishimura. Thank you in advance.
> >>
> >> Thank you for pointing this out.
> >> I am writing from old memory, but I did indeed think
> >> "why on earth is it specified like this?"
> >> The cause is that OpenLDAP on Ubuntu is linked against the GnuTLS library,
> >> and the way the configuration is written differs greatly from when it is linked against OpenSSL.
> >> I believe "line endings in certificate files must be LF only" was also
> >> specific to GnuTLS. To be precise, it should read "when linked against
> >> GnuTLS, it does not work correctly unless written this way."
> >>
> >> For reference, if you could tell me how the intermediate CA certificate (nii-odca2.crt)
> >> is configured in slapd.conf in the OpenSSL case, and whether there are any other changes,
> >> I would like to add that information.
> >>
> >>> When the database backend DB is set to ldap and
> >>> slapd reverse-proxies to another ldaps server,
> >>> I thought TLSCACertificateFile in slapd.conf was required,
> >>> but no matter what I do,
> >>> it does not properly check the other LDAP server's certificate.
> >>> (It works without any problem even without TLSCACertificateFile.)
> >>
> >> This is a complete guess, but is the situation the same
> >> even with TLSVerifyClient set to try?
> >> Also, to confirm: is the ldaps server behind it using a private
> >> certificate? If it is a public one, I thought it possible that the
> >> default ca-bundle.crt is referenced when TLSCACertificateFile
> >> is not specified.
> >>
> >>
> >> (2010/11/11 13:48), xxxxxx@xxxxxxxxxxxxx wrote:
> >>> This is Manabe of KEK. This is my first post here. Thank you in advance.
> >>>
> >>>
> >>>
> >>> Regarding the OpenLDAP description: […] certificate is fine; nii-odca2.crt is CRLF; root also OK
> >>>> Stored in the order server certificate → nii-odca2.crt → root. The root is located at
> >>>> /etc/ssl/certs/Security_Communication_Root_CA.pem
> >>>
> >>> is what is written, but does this mean that the whole certificate chain,
> >>> server certificate → nii-odca2.crt → root,
> >>> should be concatenated (cat) and stored in
> >>> server-chain.crt?
> >>>
> >>> I would think it is enough to store only the LDAP server's server certificate in TLSCertificateFile
> >>> and to place the SECOM root certificate in TLS_CACERT
> >>> on the LDAP client side...
> >>> In what cases does the whole series of certificates have to be placed there?
> >>>
> >>> Also, in the client-side TLS_CACERT file, when multiple CAs are
> >>> needed they have to be concatenated, but I believe the order of
> >>> concatenation does not matter. Moreover, intermediate certificates were unnecessary;
> >>> it seemed to work as long as the root was present.
> >>>
> >>> Furthermore,
> >>> related […] when reverse-proxying to a […] ldaps server,
> >>> I thought TLSCACertificateFile in slapd.conf was required,
> >>> but no matter what I do,
> >>> it does not properly check the other LDAP server's certificate.
> >>> (It works without any problem even without TLSCACertificateFile.)
> >>> If anyone knows what to do so that the certificate is
> >>> properly checked in this case as well,
> >>> please advise […]
> >>>> […] This is Nishimura.
> >>>>
> >>>> Regarding installation examples for server certificates, I have posted
> >>>> installation procedures for FirePass 1200, OpenLDAP and Cisco ASA 5520
> >>>> in the examples collection, so I am letting you know.
> >>>>
> >>>> I hope you find them useful.
> >>>>
> >>>> FirePass 1200
> >>>> https://upki-portal.nii.ac.jp/docs/odcert/report#comment-33
> >>>>
> >>>> OpenLDAP
> >>>> https://upki-portal.nii.ac.jp/docs/odcert/report#comment-34
> >>>>
> >>>> Cisco ASA 5520
> >>>> https://upki-portal.nii.ac.jp/docs/odcert/report
> >>>> (I have written just a short comment at the very bottom of the table)
> 
> -- 
> Takeshi Nishimura
> National Institute of Informatics TEL:03-4212-2720
> 
ldap.conf
---------------------------------
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI   ldaps://jld1.j-parc.jp
BASE  ou=user,ou=People,o=J-PARC Center,c=jp


#SIZELIMIT      12
#TIMELIMIT      15
TLS_CACERT    /usr/local/etc/openldap/cacerts/SCRoot1ca.cer
TLS_REQCERT demand
---------------------------------~



$ ldapsearch -H ldaps://jld1.j-parc.jp -x -D "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp" -W -b "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
(omitted)

# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
~
ldapsearch succeeded



------------------------------------------------------------------------
$openssl s_client -CAfile SCRoot1ca.cer -connect jld1.j-parc.jp:ldaps -showcerts
CONNECTED(00000003)
depth=2 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
verify return:1
depth=1 /C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
verify return:1
depth=0 /C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
verify return:1
---
Certificate chain
 0 s:/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
   i:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
 1 s:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
   i:/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
---
Server certificate
subject=/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
issuer=/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2328 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: FEC4C0550FB1AD45147E21E9CF32CE94CCE68ADFDDA718364302C0B67B624B4F
    Session-ID-ctx:
    Master-Key: 359B83444608A37B3AD9382746B0875A5AF4F7B6F1816B02C3F0DFA75DCEBBC20A8DD3EF7B665AAD2BCD0C73A04A6F10
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1290769113
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
ldap.conf

---------------------------------------------------
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI   ldaps://jld1.j-parc.jp
BASE  ou=user,ou=People,o=J-PARC Center,c=jp


#SIZELIMIT      12
#TIMELIMIT      15
TLS_CACERT    /usr/local/etc/openldap/cacerts/NIICa.pem
TLS_REQCERT demand
--------------------------------------------------

$ ldapsearch -H ldaps://jld1.j-parc.jp -x -D "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp" -W -b "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp"
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify faile
~
Failed

------------------------------------------------------

$ openssl s_client -CAfile NIICa.pem -connect jld1.j-parc.jp:ldaps -showcerts
CONNECTED(00000003)
depth=1 /C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
   i:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
 1 s:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
   i:/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
---
Server certificate
subject=/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
issuer=/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2328 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: FD3BA59E8F67DB42056C2C20A66CC3935FE5986BF77A69ADA1C8F1B616239493
    Session-ID-ctx:
    Master-Key: 7152B2DA106354C5BD0B034B1EFBA0CBED0D8A9D5D1BE971356673551753395EEE225CD7EECB83B35D0DD21458918325
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1290769047
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
~
Failed
ldap.conf
-------------------------------------------------
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI   ldaps://jld1.j-parc.jp
BASE  ou=user,ou=People,o=J-PARC Center,c=jp


#SIZELIMIT      12
#TIMELIMIT      15
TLS_CACERT    /usr/local/etc/openldap/cacerts/NII+SCRoot.cer
TLS_REQCERT demand
----------------------------------------------------

$ ldapsearch -H ldaps://jld1.j-parc.jp -x -D "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp" -W -b "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
(omitted)
# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Succeeded

------------------------------------------------------------

$ openssl s_client -CAfile NII -connect jld1.j-parc.jp:ldaps -showcerts
NII+SCRoot.cer  NIICa.pem
[root@uld1 cacerts]# openssl s_client -CAfile NII+SCRoot.cer -connect jld1.j-parc.jp:ldaps -showcerts
CONNECTED(00000003)
depth=2 /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
verify return:1
depth=1 /C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
verify return:1
depth=0 /C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
verify return:1
---
Certificate chain
 0 s:/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
   i:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
 1 s:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
   i:/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
---
Server certificate
subject=/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
issuer=/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2328 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4553F23ED120B6F9D01BD01459EB4C95D6529EC3279C91B06DDEFFF227832056
    Session-ID-ctx:
    Master-Key: A1435F6AE04A2367F0474A5E1747C69E26C1F8D845DC811D5EEA7F15CC37E2AEDB2E263CBDDC604ABC5BE5397A7F745D
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1290769180
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

URI   ldaps://jld1.j-parc.jp
BASE  ou=user,ou=People,o=J-PARC Center,c=jp


#SIZELIMIT      12
#TIMELIMIT      15
TLS_CACERT    /usr/local/etc/openldap/cacerts/uld_cacert.pem
TLS_REQCERT demand

---------------------------------------------------

$ ldapsearch -H ldaps://jld1.j-parc.jp -x -D "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp" -W -b "uid=manabe,ou=user,ou=People,o=J-PARC Center,c=jp"
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Failed, as expected

--------------------------------------------
$ openssl s_client -CAfile uld_cacert.pem -connect jld1.j-parc.jp:ldaps
CONNECTED(00000003)
depth=1 /C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
   i:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
 1 s:/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
   i:/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
---
Server certificate
subject=/C=JP/L=Academe2/O=J-PARC Center/CN=jld1.j-parc.jp
issuer=/C=JP/L=Academe2/O=National Institute of Informatics/OU=UPKI/OU=NII Open Domain CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2328 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: E58833495795E7DE9C3149C17D68800E1635A34868ADE119F4C0661EB364C5C4
    Session-ID-ctx:
    Master-Key: E7FAFE229B1A4F516F56AF15A7EEF4D73E2117B17A86E6CB17838CDC9FBB68F3F4E64F39DD32B7915BE491D3583E2F36
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1290768928
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
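
The four trust-file cases compared in this message can be reproduced offline. The script below is an added example, not part of the original post: it builds a constructed root → intermediate → server chain (all subject names and file names are made up) and runs `openssl verify` against each trust file, with `-untrusted` standing in for the intermediate certificate that the server presents in the handshake.

```shell
#!/bin/sh
# Constructed PKI for illustration: root -> intermediate -> server (all names made up).
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
CFG="$WORK/pki.cnf"
cat > "$CFG" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF

# selfsigned <name> <subject>: create a self-signed CA (key + certificate).
selfsigned() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$CFG" \
    -extensions v3_ca -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue <name> <subject> <ext-section> <issuer> <serial>: certificate signed by <issuer>.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$CFG" -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" \
    -set_serial "$5" -days 2 -extfile "$CFG" -extensions "$3" \
    -out "$WORK/$1.pem" 2>/dev/null
}

selfsigned root  "/O=Example Root CA"
selfsigned other "/O=Unrelated CA"
issue inter  "/O=Example Intermediate CA" v3_ca   root  2
issue server "/CN=ldap.example.test"      v3_leaf inter 3
cat "$WORK/inter.pem" "$WORK/root.pem" > "$WORK/both.pem"

# verify_with <trust-name>: validate the server certificate against one trust file.
# -untrusted stands in for the intermediate that the server sends in the handshake.
verify_with() {
  openssl verify -CAfile "$WORK/$1.pem" -untrusted "$WORK/inter.pem" \
    "$WORK/server.pem" 2>&1 | grep -q ': OK$'
}

# The four TLS_CACERT / -CAfile cases from the message, in the same order.
for trust in root inter both other; do
  if verify_with "$trust"; then result=ok; else result=FAILED; fi
  printf '%-6s %s\n' "$trust" "$result"
done
```

The root-only and combined files validate and the intermediate-only and unrelated files do not, because without `-partial_chain` OpenSSL only accepts a chain that ends in a self-signed certificate found in the trust file.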