Certificate issue after upgrade in the LDAP module - Let's Encrypt certs not working either

Kaya Saman kayasaman at optiplex-networks.com
Wed Mar 29 23:55:07 UTC 2023


On 3/29/23 23:59, Alan DeKok wrote:
> On Mar 30, 2023, at 12:02 AM, Kaya Saman via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> I'm using StartTLS in OpenLDAP so FR got provisioned eons ago with a working setup which has been flawless for many years. I created a raddb/ldap folder where I put my ldap TLS certs. I performed an upgrade recently and then noticed that some services had gone down. This is the relevant output of radiusd -X:
>>
>> rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
>> rlm_ldap (ldap): Connecting to ldap://fqdn:389
>> TLS certificate verification: Error, self signed certificate
>> TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate).
>    Unfortunately that message is coming from libldap.  So for some reason, libldap doesn't like the certificate.
>
>    You may need to add the CA to the global certificate store on the machine running LDAP.  Or update the LDAP server configuration to trust the CA which FreeRADIUS is using.
>
>    Alan DeKok.
>
Thanks Alan, I'll give it a shot!


Hope you've been well in the meantime... it has been ages :-)


Best Regards,


Kaya
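
The following is an added example, not part of the original thread and not FreeRADIUS or OpenLDAP code: a small Python parser for the `radiusd -X` lines quoted above that pairs each libldap TLS failure with the LDAP URI being contacted and splits the OpenSSL error string into its fields. The function names are hypothetical, the sample log is constructed from the quoted output, and the numeric split assumes the OpenSSL 1.1.x error-code packing that produced `1416F086`.

```python
import re

# Constructed sample: the radiusd -X lines quoted in the message above.
SAMPLE_LOG = """\
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://fqdn:389
TLS certificate verification: Error, self signed certificate
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate).
"""

CONNECT_RE = re.compile(r"rlm_ldap \((?P<instance>[^)]+)\): Connecting to (?P<uri>\S+)")
# OpenSSL error string layout: error:<hex code>:<library>:<function>:<reason>
ERROR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^(]*?)\s*(?:\((?P<detail>[^)]*)\))?\.?\s*$"
)
# X509 verify results as worded by OpenSSL 1.1.x (assumed from the log format).
VERIFY_RESULTS = {
    "self signed certificate": "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    "self signed certificate in certificate chain": "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    "unable to get local issuer certificate": "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    "certificate has expired": "X509_V_ERR_CERT_HAS_EXPIRED",
}

def unpack_error_code(code_hex):
    """Split an OpenSSL 1.1.x packed error code into (lib, func, reason)."""
    value = int(code_hex, 16)
    return (value >> 24) & 0xFF, (value >> 12) & 0xFFF, value & 0xFFF

def find_tls_failures(log_text):
    """Pair each libldap TLS failure with the LDAP URI being connected to."""
    failures, current = [], {"instance": None, "uri": None}
    for line in log_text.splitlines():
        connect = CONNECT_RE.search(line)
        if connect:
            current = connect.groupdict()
            continue
        error = ERROR_RE.search(line)
        if error and "TLS:" in line:
            lib_id, func_id, reason_id = unpack_error_code(error["code"])
            detail = error["detail"]  # verify result appended in parentheses
            failures.append({**current, "reason": error["reason"], "detail": detail,
                             "lib_id": lib_id, "func_id": func_id, "reason_id": reason_id,
                             "verify_result": VERIFY_RESULTS.get(detail, "unknown")})
    return failures

if __name__ == "__main__":
    for failure in find_tls_failures(SAMPLE_LOG):
        print(failure)
```

For the quoted log this reports library 20 (SSL) with reason 134 (certificate verify failed) and the depth-zero self-signed verify result, for the connection to `ldap://fqdn:389`.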