Hello,
I am trying to configure SSSD on Ubuntu 20.04 against 389-DS server with self-signed certificate. Upon starting sssd, I get this message in /var/log/syslog:
Could not start TLS encryption. Key usage violation in certificate has been detected
I tried adding the following lines in the domain section of sssd.conf, but to no avail:
certificate_verification = no_verification
ldap_tls_reqcert = allow
Can someone advise, how can I turn certificate check off? SSSD version is 2.2.3-3ubuntu0.2
Thanks in advance
Hi,
On Tue, Jan 26, 2021 at 12:06 PM Todor Petkov petkovptodor@gmail.com wrote:
> Hello,
> I am trying to configure SSSD on Ubuntu 20.04 against 389-DS server with self-signed certificate. Upon starting sssd, I get this message in /var/log/syslog:
> Could not start TLS encryption. Key usage violation in certificate has been detected
> I tried adding the following lines in the domain section of sssd.conf, but to no avail:
> certificate_verification = no_verification

I think this ^^ option only applies to smart cards related stuff.

> ldap_tls_reqcert = allow

Did you put this ^^ option into the corresponding domain section of sssd.conf? Did you try 'never' for a test?

> Can someone advise, how can I turn certificate check off? SSSD version is 2.2.3-3ubuntu0.2
> Thanks in advance
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...

On (26/01/21 12:56), Todor Petkov wrote:
> Hello,
> I am trying to configure SSSD on Ubuntu 20.04 against 389-DS server with self-signed certificate. Upon starting sssd, I get this message in /var/log/syslog:
> Could not start TLS encryption. Key usage violation in certificate has been detected
> I tried adding the following lines in the domain section of sssd.conf, but to no avail:
> certificate_verification = no_verification
> ldap_tls_reqcert = allow
> Can someone advise, how can I turn certificate check off? SSSD version is 2.2.3-3ubuntu0.2

I would recommend validating even a self-signed certificate. You needn't rely on the system trust chain.
man sssd-ldap says:
ldap_tls_cacert (string)
    Specifies the file that contains certificates for all of the Certificate Authorities that sssd will recognize.
    Default: use OpenLDAP defaults, typically in /etc/openldap/ldap.conf
LS
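
An sssd.conf fragment for the approach recommended in the last reply, shown beside the weaker ldap_tls_reqcert values discussed in the thread. This is an added example, not a configuration posted by any participant; the domain name, server URI, search base and CA file path are placeholders, and it assumes the connection is upgraded with StartTLS.

```ini
# /etc/sssd/sssd.conf (added example; all names and paths below are placeholders)

[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ds.example.com
ldap_search_base = dc=example,dc=com

# Upgrade the LDAP connection with StartTLS (assumption for this example).
ldap_id_use_start_tls = true

# Weaker values mentioned in the thread, left commented out:
#   ldap_tls_reqcert = allow   ; a missing or bad server certificate is ignored
#   ldap_tls_reqcert = never   ; the server certificate is neither requested nor checked
#
# Validating setting: terminate the session if the server certificate
# is missing or does not verify.
ldap_tls_reqcert = demand

# Trust only the certificate(s) in this file instead of the system
# trust chain (option quoted from man sssd-ldap in the reply above).
ldap_tls_cacert = /etc/sssd/389ds-ca.pem
```

For a self-signed server certificate, the file named in ldap_tls_cacert is that certificate itself in PEM form. Restart sssd after changing the file.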