Certificate issue after upgrade in the LDAP module - Let's Encrypt certs not working either

Alan DeKok aland at deployingradius.com
Wed Mar 29 22:59:55 UTC 2023

On Mar 30, 2023, at 12:02 AM, Kaya Saman via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm using StartTLS in OpenLDAP, so FR got provisioned eons ago with a working setup which has been flawless for many years. I created a raddb/ldap folder where I put my LDAP TLS certs. I performed an upgrade recently and then noticed that some services had gone down. This is the relevant output of radiusd -X:
> rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
> rlm_ldap (ldap): Connecting to ldap://fqdn:389
> TLS certificate verification: Error, self signed certificate
> TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate).

  Unfortunately that message is coming from libldap.  So for some reason, libldap doesn't like the certificate.

  You may need to add the CA to the global certificate store on the machine running LDAP.  Or update the LDAP server configuration to trust the CA which FreeRADIUS is using.

  Alan DeKok.
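Added example, not from this thread nor from FreeRADIUS or OpenLDAP: the shell script below reproduces the check libldap runs on the LDAP server's certificate using openssl(1), so the error text can be compared with the one in the radiusd -X output. It assumes openssl is installed; the hostnames, CN values and file names are made up. It builds two server certificates, one self-signed and one issued by a private CA, and shows that both fail against the system trust store with different errors, and pass once the right file is given as the trust anchor. Note the distinction: "self signed certificate" (OpenSSL error 18) means the certificate the server presented is itself self-signed, so the file to trust is that certificate; "unable to get local issuer certificate" (error 20) means the server's certificate is signed by a CA the client does not have.

```shell
#!/bin/sh
# Added example (not from the thread, FreeRADIUS or OpenLDAP). Reproduces the
# certificate verification libldap performs on an LDAP server's certificate,
# using openssl(1). Assumes openssl is installed; names and CNs are made up.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build two variants of what an LDAP server might present:
#   selfsigned.pem - a self-signed server certificate
#   signed.pem     - a server certificate issued by a private CA (ca.pem)
make_certs() {
  # self-signed server certificate (hypothetical host name)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=ldap.example.internal" \
    -keyout "$WORK/selfsigned.key" -out "$WORK/selfsigned.pem" >/dev/null 2>&1 || return 1
  # private CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1 || return 1
  # server certificate issued by that CA
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.internal" \
    -keyout "$WORK/signed.key" -out "$WORK/signed.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -days 1 -in "$WORK/signed.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/signed.pem" >/dev/null 2>&1 || return 1
}

# verify_status CERT [CAFILE]
# Runs the same path validation a TLS client does and prints "ok" or "fail".
# Without CAFILE only the system trust store is consulted, which is the
# situation behind the "certificate verify failed" message in the thread.
verify_status() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo ok || echo fail
  else
    openssl verify "$1" >/dev/null 2>&1 && echo ok || echo fail
  fi
}

# verify_error CERT [CAFILE]
# Prints the verification error openssl reports, reduced to the two cases
# that matter here: "self signed certificate" (error 18, spelled
# "self-signed" by OpenSSL 3) or "unable to get local issuer certificate"
# (error 20). Prints nothing when verification succeeds.
verify_error() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" 2>&1 \
      | grep -oE 'self.signed certificate|unable to get local issuer certificate' | head -n 1
  else
    openssl verify "$1" 2>&1 \
      | grep -oE 'self.signed certificate|unable to get local issuer certificate' | head -n 1
  fi
}

main() {
  make_certs || { echo "certificate generation failed" >&2; exit 1; }
  for cert in selfsigned signed; do
    printf '%-40s %s (%s)\n' "$cert.pem, system store only:" \
      "$(verify_status "$WORK/$cert.pem")" "$(verify_error "$WORK/$cert.pem")"
  done
  printf '%-40s %s\n' "selfsigned.pem, trusting itself:" \
    "$(verify_status "$WORK/selfsigned.pem" "$WORK/selfsigned.pem")"
  printf '%-40s %s\n' "signed.pem, trusting ca.pem:" \
    "$(verify_status "$WORK/signed.pem" "$WORK/ca.pem")"
}

main
```

Against a live server the equivalent check is `openssl s_client -starttls ldap -connect fqdn:389 -CAfile ca.pem` (the `-starttls ldap` option needs OpenSSL 1.1.1 or later) or `LDAPTLS_CACERT=/path/to/ca.pem ldapsearch -ZZ -H ldap://fqdn -x -b ''`; if ldapsearch fails with the same message, the problem is in libldap's trust configuration rather than in FreeRADIUS. The file to trust goes in the `tls { ca_file = ... }` block of the FreeRADIUS `ldap` module configuration, or in libldap's own `TLS_CACERT` setting in ldap.conf (/etc/ldap/ldap.conf on Debian-derived systems, typically /etc/openldap/ldap.conf elsewhere), on the machine running FreeRADIUS, since that is where the verification in the error above happens.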

