LinuxQuestions.org
Old 11-07-2012, 03:48 PM   #1
rgtruss
Best way to create a SSL/TLS certificate to connect the LDAP Client


I am trying to set up a RHEL6.3 server with the ldap client to use LDAP authentication from a Novell 8.8 ldap directory. I would like to be able to make a TLS connection. I created a CSR and signed it using the CA from the directory server. I then converted the certificate to PEM format and placed it in the etc/openldap/cacerts subdirectory.

When I start SSSD the messages log records this error:

sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

Any ideas?
 
Old 11-08-2012, 09:00 AM   #2
TB0ne
Quote:
Originally Posted by rgtruss
I am trying to set up a RHEL6.3 server with the ldap client to use LDAP authentication from a Novell 8.8 ldap directory. I would like to be able to make a TLS connection. I created a CSR and signed it using the CA from the directory server. I then converted the certificate to PEM format and placed it in the etc/openldap/cacerts subdirectory.

When I start SSSD the messages log records this error:

sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

Any ideas?
Yes...your certificate isn't issued by a trusted authority. So, you have to self-sign it, then tell LDAP to trust any certificate from that authority. This is covered on the Red Hat knowledgebase, and since you're using RHEL, you have access to it, along with RHEL support, since you're paying for RHEL, right?
https://access.redhat.com/knowledge/...eshooting.html
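
An offline check for the situation in this thread, added here as an example and not posted by either participant: it tests whether a PEM file is actually the issuer of a server certificate before it goes into the client's CA directory. It assumes the openssl CLI; the function names, file names and certificate subjects are made up, the certificates are generated on the spot, and it goes one step further than the thread by also catching a CA with the right name but the wrong key.

```sh
#!/bin/sh
# Added example. File names, subjects and function names are made up.

# Print a certificate's subject / issuer DN in one comparable format.
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# check_anchor ANCHOR_PEM SERVER_PEM
#   0: ANCHOR_PEM is the issuer and the signature chain verifies
#   1: ANCHOR_PEM's subject is not the server certificate's issuer
#   2: the names match but the signature does not verify (wrong key)
check_anchor() {
    anchor=$1; cert=$2
    if [ "$(subject_of "$anchor")" != "$(issuer_of "$cert")" ]; then
        echo "anchor: $(subject_of "$anchor")" >&2
        echo "issuer: $(issuer_of "$cert")" >&2
        return 1
    fi
    # Match the "OK" line; old OpenSSL releases exit 0 even when verify fails.
    openssl verify -CAfile "$anchor" "$cert" 2>/dev/null | grep -q ': OK$' || return 2
    return 0
}

# Build a throwaway CA and a server certificate signed by it (constructed data).
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Demo Directory CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=ldap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null
}

# Demo: the CA certificate is a valid anchor, the signed certificate itself is not.
tmp=$(mktemp -d) && make_demo_pki "$tmp" && {
    check_anchor "$tmp/ca.pem" "$tmp/server.pem" && echo "ca.pem: trusted"
    check_anchor "$tmp/server.pem" "$tmp/server.pem" || echo "server.pem: not an anchor (rc=$?)"
}
rm -rf "$tmp"
```
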
 
  


All times are GMT -5.
