LDAP Authentication - LDAPS protocol


#1

I’m trying to enable LDAP auth over the LDAPS protocol.
I get the error: SSLHandshakeException - unable to find valid certification path to requested target

I have added the cert as below and still no luck

hal config security api ssl edit --truststore --truststore-password --truststore-type jks


#2

Does the non-SSL auth work for you?


#3

You may be missing the certificate used by the LDAP server.

openssl s_client -showcerts -connect ldap.server.com:636
will retrieve the certificate from LDAP (the lines between BEGIN and END). Create a certificate file with the retrieved certificate, say ldapcert.crt.

Copy the certificate to /usr/share/ca-certificates/

Import the certificate, to allow the trust
sudo dpkg-reconfigure ca-certificates

Verify the certificate
openssl verify -CApath /etc/ssl/certs /etc/ssl/certs/ldapcert.pem
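
The extraction step described in post #3, as an added example that is not part of the original thread: it splits `openssl s_client -showcerts` output into one PEM file per certificate and lists each subject and issuer, so it is clear which CA the client is missing. The function names, the "Example ... CA" names and the sample output are assumptions made for illustration.

```shell
# Added example, not from the thread. The sample is constructed (placeholder
# bodies, not real certificates); fetch_chain needs network and is not called.

# fetch_chain HOST PORT: print what `openssl s_client -showcerts` returns.
fetch_chain() {
  openssl s_client -showcerts -connect "$1:$2" </dev/null 2>/dev/null
}

# split_chain DIR: read s_client output on stdin, write DIR/cert-N.pem
# (N = 0 is the server certificate), print "N<TAB>subject<TAB>issuer" per cert.
split_chain() {
  mkdir -p "$1" || return 1
  awk -v dir="$1" '
    BEGIN { n = 0 }
    stop { next }   # ignore everything after the chain section
    /^Server certificate/ { stop = 1; next }   # leaf is repeated below this
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
    /^ *i:/ { sub(/^ *i:/, ""); iss = $0; next }
    /^-----BEGIN CERTIFICATE-----/ { out = dir "/cert-" n ".pem"; inpem = 1 }
    inpem { print > out }
    /^-----END CERTIFICATE-----/ {
      inpem = 0; close(out)
      printf "%d\t%s\t%s\n", n++, subj, iss
    }
  '
}

# top_issuer: read split_chain output on stdin, print the issuer of the last
# certificate sent, typically the CA the client trust store has to contain.
top_issuer() { awk -F '\t' '{ last = $3 } END { print last }'; }

SAMPLE='Certificate chain
 0 s:CN = ldap.server.com
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----'

printf '%s\n' "$SAMPLE" | split_chain "$(mktemp -d)"
```

Against a live server the same functions are chained as `fetch_chain ldap.server.com 636 | split_chain ./ldap-chain`; each resulting file can then be inspected with `openssl x509 -in ./ldap-chain/cert-0.pem -noout -subject -issuer -enddate`.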


#4

Yes it does