LDAP Authentication - LDAPS protocol


#1

I’m trying to enable LDAP auth over the LDAPS protocol.
I get the error: SSLHandshakeException - unable to find valid certification path to requested target

I have added the cert as below and still no luck

hal config security api ssl edit --truststore --truststore-password --truststore-type jks


#2

Does the non-SSL auth work for you?


#3

You may be missing the certificate used by the LDAP server.

openssl s_client -showcerts -connect ldap.server.com:636
will retrieve the certificate from LDAP (the lines between BEGIN and END). Create a certificate file with the retrieved certificate, say ldapcert.crt

Copy the certificate to /usr/share/ca-certificates/

Import the certificate, to allow the trust
sudo dpkg-reconfigure ca-certificates

Verify the certificate
openssl verify -CApath /etc/ssl/certs/ldapcert.pem
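The retrieve-and-trust steps above, written out as a script (an added example, not code from this thread or from Spinnaker). It assumes awk and a JDK keytool are available; the names SAMPLE_SCLIENT_OUTPUT, split_chain, self_signed_indexes and import_into_truststore are mine, and the sample s_client output is constructed with placeholder certificate bodies.

```shell
# Constructed sample of `openssl s_client -showcerts` output. The certificate
# bodies are placeholders, not real certificates.
SAMPLE_SCLIENT_OUTPUT='CONNECTED(00000003)
depth=1 CN = Example Root CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:CN = ldap.server.com
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
 1 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-ROOT-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
---
Server certificate'

# Write each BEGIN/END CERTIFICATE block read from stdin to <prefix>-N.pem,
# N counting from 0 in the order s_client prints them (leaf first).
# Prints the number of certificates written.
split_chain() {
    awk -v p="$1" '
        BEGIN { n = 0 }
        /-----BEGIN CERTIFICATE-----/ { f = p "-" n ".pem"; inblock = 1 }
        inblock { print > f }
        /-----END CERTIFICATE-----/ { close(f); inblock = 0; n++ }
        END { print n }'
}

# Print the chain index of every entry whose subject equals its issuer, i.e.
# the self-signed root, using the " N s:" / "   i:" labels s_client prints.
self_signed_indexes() {
    awk '
        /^ *[0-9]+ s:/ { idx = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0 }
        /^ *i:/ { iss = $0; sub(/^ *i:/, "", iss); if (iss == subj) print idx }'
}

# Import one PEM file into a JKS truststore. A JVM uses that store when started
# with -Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<pw>.
# Not run here: it needs a JDK and a real certificate.
import_into_truststore() {
    pem="$1"; store="$2"; pass="$3"; alias="$4"
    keytool -importcert -noprompt -trustcacerts -alias "$alias" \
        -file "$pem" -keystore "$store" -storepass "$pass"
}

# Live usage: openssl s_client -showcerts -connect ldap.server.com:636 </dev/null \
#   | split_chain ldapcert    # then import ldapcert-<root index>.pem
```

Java services such as Fiat read their own truststore (the JDK cacerts file or the one named by -Djavax.net.ssl.trustStore), not the OpenSSL bundle in /etc/ssl/certs, so the dpkg-reconfigure step alone does not clear an SSLHandshakeException raised by a JVM.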


#4

Yes, it does.


#5

Bharath:

Were you able to solve this problem?

Thanks @Rebala for the suggestion. I am getting a certificate chain when I run openssl s_client -showcerts -connect ldap.server.com:636. I decided to pick the root cert.

OK, so I do have the cert locally stored. What I don’t understand is how this command will help if my actual Spinnaker install is distributed and running on a Kubernetes cluster:

hal config security api ssl edit --truststore --truststore-password --truststore-type jks

I would really like to understand how I can add the root cert to Fiat Pod’s truststore.

FWIW: I am running the 1.9.2 Spinnaker instance on a 5-node Kubernetes cluster (running 1.11.2).