On Thu, Nov 21, 2019 at 10:56 AM Jakub Hrozek <jhrozek(a)redhat.com> wrote:
IIRC the reqcert option only allows you to suppress the CA chain
verification, so the cert doesn't then have to be signed by a trusted
CA. But it still has to have the key usage bits set to allow for TLS
even with reqcert set to never, I still get errors. Same sssd.conf
works on CentOS.
I will look into it further.