
Hello,

Trying to configure Ovirt 3.5.3.1-1.el7.centos for LDAP authentication. I've configured the appropriate aaa profile but I'm getting TLS errors when I search for users to add via ovirt:

    The connection reader was unable to successfully complete TLS negotiation: javax_net_ssl_SSLHandshakeException: sun_security_validator_ValidatorException: No trusted certificate found caused by sun_security_validator_ValidatorException: No trusted certificate found

I added the external CA certificate using keytool as per https://github.com/oVirt/ovirt-engine-extension-aaa-ldap with appropriate adjustments of course:

    keytool -importcert -noprompt -trustcacerts -alias myrootca \
        -file myrootca.pem -keystore myrootca.jks -storepass changeit

I know this certificate works, and can connect to LDAP with TLS as I'm using the same LDAP configuration/certificate with SSSD.

Can anyone clarify whether I should be adding the external CA certificate or the LDAP host certificate with keytool or any other suggestions?

Thanks,
Steve