Originally Posted by rgtruss
I am trying to set up a RHEL6.3 server with the LDAP client to use LDAP authentication from a Novell 8.8 LDAP directory. I would like to be able to make a TLS connection. I created a CSR and signed it using the CA from the directory server. I then converted the certificate to PEM format and placed it in the /etc/openldap/cacerts subdirectory.
When I start SSSD the messages log records this error:
sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
Any ideas?
Yes...your certificate isn't issued by a trusted authority. So, you have to self-sign it, then tell LDAP to trust any certificate from that authority. This is covered on the Red Hat knowledgebase, and since you're using RHEL, you have access to it, along with RHEL support, since you're paying for RHEL, right?
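As an added example (not from either poster), here is a POSIX shell script that performs the trust check SSSD is failing at: it confirms whether a server certificate chains to the CA file kept under /etc/openldap/cacerts and prints the sssd.conf settings that point SSSD at that CA. NSS error -8172 is SEC_ERROR_UNTRUSTED_ISSUER; the paths and file names in the script are hypothetical.

```shell
#!/bin/sh
# Added example, not the thread's own code. Checks whether a server
# certificate is trusted by a given CA file, the check behind NSS error
# -8172 (SEC_ERROR_UNTRUSTED_ISSUER), then prints matching SSSD settings.
# Paths are hypothetical; pass your own:
#   sh tlscheck.sh /etc/openldap/cacerts/novell-ca.pem /path/to/server.pem

# Print the DN that issued a certificate, without the "issuer=" prefix.
issuer_of() {
    openssl x509 -noout -issuer -nameopt RFC2253 -in "$1" | sed 's/^[a-z]*= *//'
}

# Print the subject DN of a certificate, without the "subject=" prefix.
subject_of() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" | sed 's/^[a-z]*= *//'
}

# Succeeds only when the server certificate chains to the given CA file.
# The output is checked for ": OK" because old openssl releases exit 0
# even when verification fails.
check_chain() {
    ca=$1; cert=$2
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'
}

# Emit the [domain] settings that make SSSD trust that CA and demand a
# valid chain. Only the CA certificate is a trust anchor; the server's
# own certificate in cacerts does not make its issuer trusted.
sssd_tls_settings() {
    cat <<EOF
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = $1
EOF
}

main() {
    ca=$1; cert=$2
    if check_chain "$ca" "$cert"; then
        echo "OK: $cert is issued by '$(subject_of "$ca")'"
        sssd_tls_settings "$ca"
    else
        echo "NOT TRUSTED: $cert was issued by '$(issuer_of "$cert")'," \
             "but the CA file holds '$(subject_of "$ca")'"
        exit 1
    fi
}

# Run only when executed directly with the two certificate paths.
if [ $# -eq 2 ]; then main "$@"; fi
```

When the "NOT TRUSTED" branch fires, the two DNs it prints show exactly which CA has to be placed in cacerts and referenced by ldap_tls_cacert.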