Hi,

 

we want to establish an LDAP Connection from our Domino 9.0.1 to our AD on Windows Server 2008 R2.

Then Connection using SSL/TLS can be made via a tool.

When trying to connect from the Domino Server, we get the following error:

 

040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Extension type 0x0023, extension length 0x0000

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Processing TLS signature algorithms extension

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Client supports hash mask 0x007C; server cert chain has mask 0x0010

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Extension type 0x000F, extension length 0x0001

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> hash/alg in certchain  fSupHasAlg:0000

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> We selected cipher ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessHandshakeMessage Exit> Message: ClientHello (1) State: HandshakeServerIdle (3) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLAdvanceHandshake Enter> Processed: ClientHello (1) State: HandshakeServerIdle (3)

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLAdvanceHandshake client_hello> SGC FLAG: 0   Count = 2

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLAdvanceHandshake calling SSLPrepareAndQueueMessage> SSLEncodeServerHello

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLEncodeServerHello> Sending empty renegotiation_info (0xff01) extension

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLEncodeServerHello> Sending supported point formats (0x000b) extension

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLAdvanceHandshake calling SSLPrepareAndQueueMessage> SSLEncodeCertificate

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLEncodeCertificate> Generating a certificate message with 2 certs

[040C:000F-0A8C] 23.11.2016 15:18:02,31 SSLAdvanceHandshake calling SSLPrepareAndQueueMessage> SSLEncodeServerKeyExchange

[040C:000F-0A8C] 23.11.2016 15:18:02,36 SSLAdvanceHandshake calling SSLPrepareAndQueueMessage> SSLEncodeServerHelloDone

[040C:000F-0A8C] 23.11.2016 15:18:02,36 SSLAdvanceHandshake Exit> State HandshakeClientKeyExchange (11)

[040C:000F-0A8C] 23.11.2016 15:18:02,36 SSL_Handshake> After handshake state = HandshakeClientKeyExchange (11); Status = -5000

[040C:000F-0A8C] 23.11.2016 15:18:02,36 int_MapSSLError> Mapping SSL error -5000 to 4176 [SSLHandshakeNoDone]

 

The process Ends with the message "invalid certificate chain"

What's wrong? Any tipps are appreciated.

 

Best regards,

Andreas