LDAP = Failed setting connection option certificate_file

Dave Walsh dave_walsh at lsrhs.net
Wed Jul 17 14:44:39 CEST 2019


Just to close the loop on this, creating a PEM with the full chain wasn't
enough. But I was able to bypass the certificate error by using stunnel.
Amazingly, Google's directions worked as written. :)

Thanks for the nudge in the correct direction.

-Dave Walsh
Network Administrator
Lincoln-Sudbury Regional HS
Sudbury, MA 01776
(978) 443-9961 x3336


On Mon, Jul 15, 2019 at 3:34 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Jul 15, 2019, at 8:10 PM, Dave Walsh <dave_walsh at lsrhs.net> wrote:
> >
> > New installation (3.0.19) on Mac OS X 10.14.5. I believe I have
> > configured it via the Google directions (well, as modified by a post
> > from a few months back)
>
>   I asked google to update their documentation months ago.  So far, no
> luck.
>
> > but I keep getting an Failed setting
> > connection option certificate_file: Unknown error and ldap won't
> > instantiate.
> >
> > Certificate and key are as downloaded from Google, but renamed
> > ldap-client.crt and ldap-client.key - these are just intended to be
> > used to connect to the Google SecureLDAP service which we want to use
> > for authentication on our new WiFi network.
> >
> > Do I need to make a .pem file with more than just the .crt?
>
>   You may need a PEM file.  It's not the same format as the CRT.
> >
>
> > rlm_ldap (ldap): Failed setting connection option certificate_file:
> > Unknown error
>
>   <sigh>  This is either libldap or OpenSSL being "helpful".
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list