On Tue, Mar 17, 2020 at 11:17:34AM -0000, Hristina Marosevic wrote:
....
Hi,
I'm sorry, I haven't read one of your earlier emails carefully enough,
please do not use "certificate_verification = no_ocsp, no_verification"
but only
certificate_verification = no_verification
'no_ocsp' implies verification but without OCSP so using both options is
an inconsistency.
bye,
Sumit
Besides this, I thought of another scenario which may help me validate the certificate. I
can add certificate_verification=no_ocsp instead of
certificate_verification=no_verification in [sssd] section of sssd.conf file, and store
the trust on the server - in that case, where should I store the trust and is it enought
just to provide the root CA certificate, or it is needed to store the intermediate CAs
certificates? Also, in which format?
If this won't work, I really have no idea of any other options for testing the PKI
based authentication, so if you have any other ideas, I will appreciate if you share it.
Thank you for your help!