[ovirt-users] LDAP authentication with TLS

Alon Bar-Lev alonbl at redhat.com
Tue Oct 6 21:01:59 UTC 2015


Hi,

Can you please send me the profile, the keystore you created and the output of:

openssl s_client -connect server:636 -showcerts < /dev/null

Thanks!

----- Original Message -----
> From: "Steve Dainard" <sdainard at spd1.com>
> To: "users" <users at ovirt.org>
> Sent: Tuesday, October 6, 2015 11:50:41 PM
> Subject: [ovirt-users] LDAP authentication with TLS
> 
> Hello,
> 
> Trying to configure oVirt 3.5.3.1-1.el7.centos for LDAP authentication.
> 
> I've configured the appropriate aaa profile but I'm getting TLS errors
> when I search for users to add via oVirt:
> 
> The connection reader was unable to successfully complete TLS
> negotiation: javax_net_ssl_SSLHandshakeException:
> sun_security_validator_ValidatorException: No trusted certificate
> found caused by sun_security_validator_ValidatorException: No trusted
> certificate found
> 
> I added the external CA certificate using keytool as per
> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap with
> appropriate adjustments of course:
> 
> keytool -importcert -noprompt -trustcacerts -alias myrootca \
>        -file myrootca.pem -keystore myrootca.jks -storepass changeit
> 
> I know this certificate works, and can connect to LDAP with TLS as I'm
> using the same LDAP configuration/certificate with SSSD.
> 
> Can anyone clarify whether I should be adding the external CA
> certificate or the LDAP host certificate with keytool or any other
> suggestions?
> 
> Thanks,
> Steve
> 
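A way to check the CA file against what the server presents, as an added example that is not part of either message: it splits saved `openssl s_client -showcerts` output into certificates and verifies the server certificate against the PEM file that was imported with keytool. The function names, sample file names and CNs are assumptions constructed for illustration, and the check uses OpenSSL's verifier, not Java's.

```bash
# Added example (not from the thread). Names, paths and CNs are constructed.

# split_chain FILE DIR: write every PEM certificate in FILE to DIR/cert-N.pem,
# skipping the handshake text that s_client prints around them.
split_chain() {
  awk -v d="$2" '/-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
       keep { print > (d "/cert-" n ".pem") }
       /-----END CERTIFICATE-----/ { keep = 0 }' "$1"
}

# chain_trusted CA_PEM SHOWCERTS_FILE: succeed only if the server certificate
# (the first one presented) chains to CA_PEM. Other presented certificates are
# used as untrusted intermediates; the system CA directory is ignored.
# Returns 2 when SHOWCERTS_FILE contains no certificate at all.
chain_trusted() {
  local tmp rc
  tmp=$(mktemp -d) || return 2
  split_chain "$2" "$tmp"
  if [ ! -s "$tmp/cert-1.pem" ]; then rm -rf "$tmp"; return 2; fi
  cat "$tmp"/cert-*.pem > "$tmp/presented.pem"
  openssl verify -no-CApath -CAfile "$1" -untrusted "$tmp/presented.pem" \
    "$tmp/cert-1.pem" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# make_sample DIR: constructed test data. Creates two unrelated self-signed
# CAs, a server certificate issued by the first, and a file shaped like
# s_client -showcerts output (server certificate first, then its issuer).
make_sample() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/myrootca.pem" >/dev/null 2>&1 &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" >/dev/null 2>&1 &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/srv.csr" -days 2 -CA "$d/myrootca.pem" \
    -CAkey "$d/ca.key" -CAcreateserial -out "$d/srv.pem" >/dev/null 2>&1 &&
  { echo "CONNECTED(00000003)"; echo "Certificate chain"
    echo " 0 s:CN = ldap.example.test"; cat "$d/srv.pem"
    echo " 1 s:CN = Example Root CA"; cat "$d/myrootca.pem"
    echo "---"; } > "$d/showcerts.txt"
}
```

On a real system, save the s_client output to a file and run `chain_trusted myrootca.pem that-file`; a failure means OpenSSL could not build a valid chain from the server certificate to the CA in that PEM file.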


