Hi, folks, So I've got a very puzzling situation. Just today, when I look at sssd with systemctl status, I get this error: *Could not start TLS encryption. error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)* However, when I run openssl s_client -showcerts -connect ldap.example.com:636, it shows a completely valid, not-self-signed certificate chain. This is happening on RHEL7 through 9. I'm puzzled. Anyone else have ideas? Thanks, John A -- John Adams Senior Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxadams(a)ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>;. -- _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

We are connecting to an LDAP server. Thanks! On Wed, Feb 21, 2024 at 1:53 PM Spike White <spikewhitetx(a)gmail.com&gt; wrote: > Are you connecting an AD server or an LDAP server? If the former is > ad_use_ldaps set to true or false? > > Spike > > On Wed, Feb 21, 2024 at 11:46 AM Johnnie W Adams <jxadams(a)ualr.edu&gt; > wrote: > >> Hi, folks, >> >> >> So I've got a very puzzling situation. Just today, when I look at >> sssd with systemctl status, I get this error: *Could not start TLS >> encryption. error:1416F086:SSL >> routines:tls_process_server_certificate:certificate verify failed (self >> signed certificate in certificate chain)* >> >> However, when I run openssl s_client -showcerts -connect >> ldap.example.com:636, it shows a completely valid, not-self-signed >> certificate chain. >> >> This is happening on RHEL7 through 9. I'm puzzled. Anyone else have >> ideas? >> >> Thanks, >> >> John A >> >> -- >> John Adams >> Senior Linux/Middleware Administrator | Information Technology Services >> +1-501-916-3010 | jxadams(a)ualr.edu | http://ualr.edu/itservices >> *UA Little Rock* >> >> Reminder: IT Services will never ask for your password over the phone >> or in an email. Always be suspicious of requests for personal information >> that come via email, even from known contacts. For more information or to >> report suspicious email, visit IT Security >> <http://ualr.edu/itservices/security/>;. >> -- >> _______________________________________________ >> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org >> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue >> > -- > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- John Adams Senior Linux/Middleware Administrator | Information Technology Services +1-501-916-3010 | jxadams(a)ualr.edu | http://ualr.edu/itservices *UA Little Rock* Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>;. -- _______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue