LinuxQuestions.org


rgtruss 11-07-2012 02:48 PM

Best way to create a SSL/TLS certificate to connect the LDAP Client
 
I am trying to set up a RHEL 6.3 server with the LDAP client to use LDAP authentication from a Novell 8.8 LDAP directory. I would like to be able to make a TLS connection. I created a CSR and signed it using the CA from the directory server. I then converted the certificate to PEM format and placed it in the etc/openldap/cacerts subdirectory.

When I start SSSD the messages log records this error:

sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

Any ideas?

TB0ne 11-08-2012 08:00 AM

Quote:

Originally Posted by rgtruss (Post 4824446)
I am trying to set up a RHEL 6.3 server with the LDAP client to use LDAP authentication from a Novell 8.8 LDAP directory. I would like to be able to make a TLS connection. I created a CSR and signed it using the CA from the directory server. I then converted the certificate to PEM format and placed it in the etc/openldap/cacerts subdirectory.

When I start SSSD the messages log records this error:

sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

Any ideas?

Yes...your certificate isn't issued by a trusted authority. So, you have to self-sign it, then tell LDAP to trust any certificate from that authority. This is covered on the Red Hat knowledgebase, and since you're using RHEL, you have access to it, along with RHEL support, since you're paying for RHEL, right?
https://access.redhat.com/knowledge/...eshooting.html
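
For the kind of trust failure reported in this thread, a quick check is whether the PEM file placed in the CA directory is actually a CA certificate and whether the directory server's certificate chains to it. The script below is an added example, not code from either poster: it assumes the `openssl` command-line tool is installed, and its function names, file names and throwaway demo certificates are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Every file name and subject below is constructed for the demo.

# 0 if FILE is a certificate marked as a CA (basicConstraints CA:TRUE)
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# 0 if CERT verifies when CAFILE is the trust anchor offered
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print one verdict for a candidate trust anchor and the server's certificate
diagnose() {
    if ! is_ca_cert "$1"; then echo "not-a-ca"
    elif ! chains_to "$1" "$2"; then echo "wrong-ca"
    else echo "trusted"
    fi
}

# Build a throwaway CA plus server and client certificates signed by it in DIR
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA $2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    for n in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
            -CAcreateserial -days 1 -out "$1/$n.pem" 2>/dev/null
    done
}

demo() {
    a=$(mktemp -d); b=$(mktemp -d)
    make_demo_pki "$a" A; make_demo_pki "$b" B
    echo "client cert as anchor:  $(diagnose "$a/client.pem" "$a/server.pem")"
    echo "unrelated CA as anchor: $(diagnose "$b/ca.pem" "$a/server.pem")"
    echo "issuing CA as anchor:   $(diagnose "$a/ca.pem" "$a/server.pem")"
    rm -rf "$a" "$b"
}
demo
```

Against a real deployment, `diagnose` takes the PEM file from the CA directory as its first argument and a saved copy of the directory server's certificate as its second.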


All times are GMT -5.