rlm_ldap TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
Has anyone run into this issue on rhel 7? If I test unencrypted I can authenticate against ldap without issue. However if I set /etc/raddb/mods-enabled/ldap to use port 636 (encrypted) I receive the following certificate error. rlm_ldap (ldap): Opening additional connection (0) rlm_ldap (ldap): Connecting to authdir.fairfield.edu:636 TLS: certificate [CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user.. TLS: error: connect - force handshake failure: errno 21 - moznss error -8172 TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.. Thanks, Bill
Hi,
Has anyone run into this issue on rhel 7? If I test unencrypted I can authenticate against ldap without issue. However if I set /etc/raddb/mods-enabled/ldap to use port 636 (encrypted) I receive the following certificate error.
rlm_ldap (ldap): Opening additional connection (0) rlm_ldap (ldap): Connecting to authdir.fairfield.edu:636 TLS: certificate [CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user.. TLS: error: connect - force handshake failure: errno 21 - moznss error -8172 TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
well, you've asked to connect securely...but you havent configured your client to trust the certificate presented by the server - fairly clear from that output, yes? alan
There in lines the trouble. How do I get the LDAP module to trust a certificate? -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+wreyor=fairfield.edu@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: Monday, November 28, 2016 11:56 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: rlm_ldap TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.. Hi,
Has anyone run into this issue on rhel 7? If I test unencrypted I can authenticate against ldap without issue. However if I set /etc/raddb/mods-enabled/ldap to use port 636 (encrypted) I receive the following certificate error.
rlm_ldap (ldap): Opening additional connection (0) rlm_ldap (ldap): Connecting to authdir.fairfield.edu:636 TLS: certificate [CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user.. TLS: error: connect - force handshake failure: errno 21 - moznss error -8172 TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
well, you've asked to connect securely...but you havent configured your client to trust the certificate presented by the server - fairly clear from that output, yes? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Reyor, William F.