rlm_ldap TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Nov 28 17:55:50 CET 2016


Hi,
> Has anyone run into this issue on rhel 7? If I test unencrypted I can 
> authenticate against ldap without issue. However if I set 
> /etc/raddb/mods-enabled/ldap to use port 636 (encrypted) I receive the 
> following certificate error.
> 
> rlm_ldap (ldap): Opening additional connection (0)
> rlm_ldap (ldap): Connecting to authdir.fairfield.edu:636
> TLS: certificate [CN=AddTrust External CA Root,OU=AddTrust External TTP 
> Network,O=AddTrust AB,C=SE] is not valid - error -8172:Peer's certificate 
> issuer has been marked as not trusted by the user..
> TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
> TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked 
> as not trusted by the user..

well, you've asked to connect securely... but you haven't configured your client to trust
the certificate presented by the server - fairly clear from that output, yes?

alan
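For readers hitting the same -8172, here is an added illustration (not part of the original thread) of the `tls {}` section in `/etc/raddb/mods-available/ldap`, showing the setting that causes the error next to the corrected one; the CA bundle path is an assumption, and the bundle must hold the chain that actually issued the LDAP server's certificate.

```conf
ldap {
	server = 'authdir.fairfield.edu'
	port = 636
	# identity, password, base_dn and the rest of the module stay unchanged

	tls {
		# Weak: no ca_file or ca_path, so the NSS-backed client (the
		# "moznss" in the log) has no trust anchor for the server's
		# issuer and aborts the handshake with error -8172.
		# Setting require_cert = 'never' makes the error go away but
		# turns off server authentication, so it is not a fix.

		# Corrected: give the client the issuing CA chain as a PEM
		# bundle (path is an assumption) and demand a valid server
		# certificate on every connection.
		ca_file      = /etc/raddb/certs/ldap-ca-chain.pem
		require_cert = 'demand'
	}
}
```

Before restarting radiusd, `openssl s_client -connect authdir.fairfield.edu:636 -CAfile /etc/raddb/certs/ldap-ca-chain.pem` confirms from the same host that the bundle really validates the presented chain.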

