Nim and ssl

fjdude

Hi all,

I'm trying to secure my environment by using nimsh and SSL, so I can disable all remote-exec services (rsh, rexec and rlogin).

I'm running AIX 6100-02-01-0847, openssl 0.9.6m-2.
Installing went fine.
Nim works via nimsh without SSL.
But when I run the command nimclient -c it all stops....
nimlog:
Fri Jan 2 15:25:31 2009 file descriptor is 5
Fri Jan 2 15:25:31 2009 file descriptor is : 5
Fri Jan 2 15:25:31 2009 family is : 2
Fri Jan 2 15:25:31 2009 source port is : 1023
Fri Jan 2 15:25:31 2009 source addr is : 172.211.171.631
Fri Jan 2 15:25:31 2009 source hostname is : unix5.org.nl
Fri Jan 2 15:25:31 2009 getting 2nd port
Fri Jan 2 15:25:31 2009 count equals 0
Fri Jan 2 15:25:31 2009 count equals 1
Fri Jan 2 15:25:31 2009 count equals 2
Fri Jan 2 15:25:31 2009 count equals 3
Fri Jan 2 15:25:31 2009 count equals 4
Fri Jan 2 15:25:31 2009 got stderr port 1022
Fri Jan 2 15:25:31 2009 success: we got 1st write query is 0
Fri Jan 2 15:25:31 2009 success: we got 2nd write local id is 00C9811E4C00
Fri Jan 2 15:25:31 2009 success: we got 3rd write remote id is 00C1F11E4C00
Fri Jan 2 15:25:31 2009 success: we got 4th write command is /usr/lpp/bos.sysmgt/nim/me
Fri Jan 2 15:25:31 2009 passing OpenSSL setting of 1
Fri Jan 2 15:25:31 2009 set symbol table
Fri Jan 2 15:25:31 2009 seed_prng
Fri Jan 2 15:25:31 2009 cert filename - /ssl_nimsh/certs/unix5.org.nl.0
Fri Jan 2 15:25:31 2009 Loading certificates..
Fri Jan 2 15:25:31 2009 Loading private key file..
Fri Jan 2 15:25:31 2009 create BIO
Fri Jan 2 15:25:31 2009 -Error: peer certificate: application verification failure
Fri Jan 2 15:25:31 2009 Error checking SSL object after connection

Could not find any other log to help me out.

Thanks, Fjd

 
If you figure it out let me know. I wasn't able to get it working and never bothered to open a support call. I figured maybe they would fix the problem with a new release :)
 
This looks a bit odd ...

source addr is : 172.211.171.631
 
My company wouldn't like me to elaborate about the addresses we use.
So I randomly changed numbers and yes.......
172.211.171.631
seems to be wrong.

I suppose if you had the correct numbers you would solve this problem?
 
Resolved!

Activate SSL on the server (smitty nim_ssl)
Activate SSL on the client (smitty nim_config_services)
This will get the new server.pem from the master on the client, but still...... not working:

stopsrc -s nimesis on server
stopsrc -s nimsh on client
startsrc -s nimesis on server
startsrc -s nimsh on client

will resolve the certificate problem.

THNX all
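
To check whether the restart actually cleared the handshake failure, the nimsh log can be scanned for SSL sessions that end in the peer-certificate error. This is an added example, not part of the thread or of NIM itself; the function names are hypothetical and the log layout is assumed to match the excerpt in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the nimsh log layout shown in
# the post: "<Day> <Mon> <D> <HH:MM:SS> <YYYY> <message>".

# Print one line per connection that negotiated SSL and then failed peer
# certificate verification: <timestamp>|<source hostname>|<cert file>|<error>
nimsh_ssl_failures() {
    awk '
    {
        ts = $1 " " $2 " " $3 " " $4 " " $5
        msg = $0
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)   # drop timestamp
    }
    # A new connection starts where the log reports the source hostname.
    msg ~ /^source hostname is : / {
        host = msg; sub(/^source hostname is : /, "", host)
        cert = "-"; ssl = 0
    }
    msg ~ /^passing OpenSSL setting of 1/ { ssl = 1 }
    msg ~ /^cert filename - / { cert = msg; sub(/^cert filename - /, "", cert) }
    ssl && msg ~ /^-Error: peer certificate: / {
        err = msg; sub(/^-Error: /, "", err)
        print ts "|" host "|" cert "|" err
    }
    ' "$1"
}

# Constructed sample: first session abridged from the log in the post; the
# second (hostname unix6.example) is invented and simply lacks the error line.
write_sample_log() {
    cat > "$1" <<'EOF'
Fri Jan 2 15:25:31 2009 source hostname is : unix5.org.nl
Fri Jan 2 15:25:31 2009 passing OpenSSL setting of 1
Fri Jan 2 15:25:31 2009 cert filename - /ssl_nimsh/certs/unix5.org.nl.0
Fri Jan 2 15:25:31 2009 create BIO
Fri Jan 2 15:25:31 2009 -Error: peer certificate: application verification failure
Fri Jan 2 15:25:31 2009 Error checking SSL object after connection
Fri Jan 2 15:40:02 2009 source hostname is : unix6.example
Fri Jan 2 15:40:02 2009 passing OpenSSL setting of 1
Fri Jan 2 15:40:02 2009 cert filename - /ssl_nimsh/certs/unix6.example.0
Fri Jan 2 15:40:02 2009 create BIO
EOF
}

# Demo run against the constructed sample.
log=${TMPDIR:-/tmp}/nimsh_sample.$$
write_sample_log "$log"
nimsh_ssl_failures "$log"
rm -f "$log"
```

An empty result for sessions logged after nimesis and nimsh were restarted means the certificate verification error is no longer occurring.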
 