On Tue, Mar 17, 2020 at 11:17:34AM -0000, Hristina Marosevic wrote: ....
Hi,
I'm sorry, I haven't read one of your earlier emails carefully enough. Please do not use "certificate_verification = no_ocsp, no_verification" but only
certificate_verification = no_verification
'no_ocsp' implies verification but without OCSP, so using both options is an inconsistency.
bye, Sumit
Besides this, I thought of another scenario which may help me validate the certificate. I can add certificate_verification=no_ocsp instead of certificate_verification=no_verification in the [sssd] section of the sssd.conf file, and store the trust on the server. In that case, where should I store the trust, and is it enough just to provide the root CA certificate, or is it necessary to store the intermediate CAs' certificates? Also, in which format?
If this won't work, I really have no idea of any other options for testing the PKI-based authentication, so if you have any other ideas, I would appreciate it if you shared them.
Thank you for your help!