Some systems cannot connect to ldap via ldaps, but others can, is it the wildcard cert?

Source: http://serverfault.com/questions/579131/some-systems-cannot-connect-to-ldap-via-ldaps-but-others-can-is-it-the-wildcar

When trying to make ldaps connections to my Novell eDirectory 8.8 server, sometimes I have to put TLS_REQCERT never in the client server's ldap.conf file. Obviously, this is a bad idea. The command I run is something like this with credentials that actually work...

    ldapsearch -x -H ldaps://ldapserver -b 'ou=active,ou=people,dc=example,dc=org' -D 'cn=admin,dc=example,dc=org' -W "cn=username"

On Ubuntu 13.10, it works fine. On SLES it works fine. On CentOS 6.5 it returns:

    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Now, the cert I've imported is a wildcard cert purchased from DigiCert. My coworker found some reports indicating that some systems have issues with wildcards. So, is the wildcard cert to blame? If so, how do I fix it? If it is not the wildcard cert, then what is it?

Following Andrew Schulman's suggestion, I added -d1 to my ldapsearch command. Here is what I ended up with:

    ldap_url_parse_ext(ldaps://ldap.example.org)
    ldap_create
    ldap_url_parse_ext(ldaps://ldap.example.org:636/??base)
    Enter LDAP Password:
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP ldap.example.org:636
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 10.225.0.24:636
    ldap_pvt_connect: fd: 3 tm: -1 async: 0
    TLS: certdb config: configDir='/etc/openldap' tokenDescription='ldap(0)' certPrefix='cacerts' keyPrefix='cacerts' flags=readOnly
    TLS: cannot open certdb '/etc/openldap', error -8018:Unknown PKCS #11 error.
    TLS: could not get info about the CA certificate directory /etc/openldap/cacerts - error -5950:File not found.
    TLS: certificate [CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
    TLS: error: co
Could not start TLS encryption (CentOS forums, General support questions, 7 posts)

Source: http://www.centos.org/forums/viewtopic.php?t=51004

Post by golden3 (Posts: 41, Joined: 2014/07/22 05:55:42) » 2015/02/09 10:57:51

Hello Guys, I have configured the openldap directory server, now I'm trying to login the test user via client machine. I'm facing the below error message from /var/log/messages, can any one help to get away from the below error

    localhost sssd [be[default]]: Could not start TLS encryption. TLS error -1872: Peer's certificate issuer has been marked as not trusted by the user.

Thanks & Regards
Golden John S

Re: Could not start TLS encryption
Post by aks (Posts: 1980, Joined: 2014/09/20 11:22:14) » 2015/02/09 17:29:15

That just means that the certificate presented is NOT trusted by your certificate store, so it's pointless setting up a SSL transaction. Either add the CA's certificate (of the CA who minted the certificate) or run LDAP without the certificate trust bit (if you can, you may not be able to as it is a bad idea from a security perspective). If it's a self signed certificate, google for self signed certificate and openldap.

Re: Could not start TLS encryption
Post by golden3 (Posts: 41, Joined: 2014/07/22 05:55:42) » 2015/03/30 08:55:52

Self signed certificates are created without any issues, but the problem is shown in /var/log/messages:

    Could not start TLS encryption. TLS error -8172: Peer's certificate issuer has been marked as not trusted by the user.

Kindly give some remedy.

Re: Could not start TLS encryption
Post by TrevorH (Forum Moderator, Posts: 16772, Joined: 2009/09/24 10:40:56, Location: Brighton, UK) » 2015/03/30 09:51:52

You have to add the CA certificate that signed the LDAP server's cert to the client. The default location is in /etc/openldap/certs so copy your CA cert in there and then you have to create a symlink to it that is named after the c_hash of the cert. Run /etc/pki/tls/misc/c_hash /etc/openldap/certs/ca.crt and it will tell you an 8 digit hex number and you have to create a symlink called that 8 digit number.0 pointing to the ca.crt file.

Full time Geek, part time moderator. Use the FAQ Luke

Re: Could not start TLS encryption
Post by golden3 (Posts: 41, Joined: 2014/07/22 05:55:42) » 2015/03/31 10:15:15

When I try to put the above command it's showing the below error,

    Error opening Certificate /etc/openldap/certs/ca.crt
    139995926329160:error:02001002:system library:fopen:No such file or directory:bss_f
RHEL 6.3 - LDAP Series - Part 4 : Troubleshooting
April 1, 2013, by Ramdev

This is my fourth post in the RHEL 6.3 LDAP implementation series. The purpose of this post is to give you extra muscle to troubleshoot the issues that you encounter during or after the LDAP implementation. In this post I am documenting the troubleshooting tips that I used to solve various problems I encountered during the LDAP configuration.

For a successful LDAP encryption configuration, the following command run from the client should show the server's configuration without any errors:

    # ldapsearch -x -b 'dc=gurkulindia,dc=com'

Sometimes this test fails with different errors, and in many cases the command hangs without any error at all. Troubleshooting at this level is difficult because there are no related logs, neither at the server nor at the client. In this section I explain the procedure for troubleshooting connection issues between the LDAP client and server.

My LAB Setup Information

Certification Authority (CA) SERVER: gurkulrhelca
LDAP SERVER and self LDAP client: gurkulrhel1 - alias ldapserver
LDAP CLIENT: gurkulrhel2

Certificate locations and their description for encrypted communication:

CA Certificate: /etc/pki/tls/certs/cacert.pem
LDAP SERVER Private Key File: /etc/pki/tls/certs/slapdkey.pem
LDAP SERVER Certificate Request File: /etc/pki/tls/certs/slapdcert.pem

Note 1: RHEL 6.3 uses /etc/openldap/certs as the default path for the signed certificates and keys. In my configuration, however, I placed them in /etc/pki/tls/certs, and I removed the entry below from /etc/openldap/ldap.conf. That was actually a mistake; I will show how I corrected it in a later post.

    TLS_CACERTDIR /etc/openldap/certs

Content of /etc/pki/tls/certs:

    [root@gurkulrhel1 certs]# ls -l /etc/pki/tls/certs
    -rw-r--r--. 1 ldap ldap 571410 Sep 2 2011 ca-bundle.crt
    -rw-r--r--. 1 root root 651043 Sep 2 2011 ca-bundle.trust.crt
    -rw-r--r-- 1 ldap ldap 1505 Mar 29 20:00 cacert.pem
    -