
On 05/02/2016 03:02 PM, Alexis HAUSER wrote:
I am unsure I understand. What is missing in interactive setup to properly set up TLS? You just enter CA certificate path/url/system and Java keystore file is created for you by the tool.
I'll try to generate a new file with the interactive setup and tell you if the result is different.
So, here is my problem when using the interactive setup:

[ INFO ] Connecting to LDAP using 'ldaps://xxxx:636'
[WARNING] Cannot connect using 'ldaps://xxxx:636': {'info': "TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", 'desc': "Can't contact LDAP server"}
[ ERROR ] Cannot connect using any of available options
Are you sure you've specified the correct CA? Can you try running this command:

LDAPTLS_CACERT=your_ldap_ca_cert.crt ldapsearch -H ldaps://@HOST@ -x -D '@USERDN@' -w '@USERPW@' -b '@BASEDN@'

If it fails, then most probably you have an incorrect CA certificate. If it succeeds, please open a bug in Bugzilla with logs of the setup tool if possible.
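
An added example, not part of the original thread: an offline check of the question the ldapsearch test answers, namely whether a given CA file actually issued the server certificate. The two CAs, the host name ldap.example.test and all file names are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo: every name, subject and file below is made up.

# make_ca <dir> <name>: create a throwaway self-signed CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_server <dir> <ca-name> <host>: issue a server certificate from that CA.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -set_serial 1 -days 2 -out "$1/$3.crt" 2>/dev/null
}

# ca_issued <ca-file> <server-cert>: exit 0 only if the chain validates
# with <ca-file> as the sole trust anchor.
ca_issued() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# run_demo: one server certificate, checked against the CA that signed it
# and against an unrelated CA (the situation behind "issuer not trusted").
run_demo() {
    d=$(mktemp -d) || return 2
    result=""
    if make_ca "$d" right-ca && make_ca "$d" wrong-ca &&
       make_server "$d" right-ca ldap.example.test; then
        for ca in right-ca wrong-ca; do
            if ca_issued "$d/$ca.crt" "$d/ldap.example.test.crt"; then
                result="$result$ca=trusted "
            else
                result="$result$ca=untrusted "
            fi
        done
    fi
    rm -rf "$d"
    echo "${result% }"
}

run_demo
```

Against a real server, ca_issued takes your CA file and the server certificate saved as PEM, for instance from the output of openssl s_client -connect host:636 -showcerts.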