rlm_ldap TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..

Reyor, William F. wreyor at fairfield.edu
Mon Nov 28 17:49:23 CET 2016


Has anyone run into this issue on RHEL 7? If I test unencrypted, I can 
authenticate against LDAP without issue. However, if I set 
/etc/raddb/mods-enabled/ldap to use port 636 (encrypted), I receive the 
following certificate error.

rlm_ldap (ldap): Opening additional connection (0)
rlm_ldap (ldap): Connecting to authdir.fairfield.edu:636
TLS: certificate [CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..

Thanks,
Bill