Setting up AD to import users. Configured without encryption, it works fine. When I turn encryption on, I get the following error:
Unable to authenticate: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)
I know this is a certificate error. I've uploaded certs for the CA, Root CA, and Domain Controller, and I always get that error. We have a Root and Sub CA configuration in a Windows environment. I've also tried uploading the chain both in one and individually, with no luck.
I found a similar thread where this was being asked to be run:
openssl s_client -showcerts -connect x.x.x.x:636 </dev/null
I did that and got back the certificate chain from the AD server. From an eyeball perspective they look correct, both from the server and what's installed under Nagios.
I set up debugging in the PHP file that is in the Nagios guide; when I tail the Apache error log there are no new entries being entered. I've restarted httpd and rebooted the server with no change in the logging.
Any help would be greatly appreciated.
AD with SSL/TLS unable to authenticate
Re: AD with SSL/TLS unable to authenticate
I use this output to validate the proper chain/subject name:
openssl s_client -showcerts -connect x.x.x.x:636 </dev/null
Please PM me that output.
What is the output of these commands?
ls -l /etc/openldap
ls -l /etc/openldap/cacerts
ls -l /etc/openldap/certs
cat /etc/openldap/ldap.conf
What OS/version?
What PHP version?
php -v
Please enable debug logging by following this KB article:
https://support.nagios.com/kb/article/active-directory-ldap-troubleshooting-authentication-integration-600.html
Then run this tail command (use this one instead of the guide and leave it running):
tail -F /var/log/httpd/error_log /var/log/httpd/ssl_error_log
Then try to authenticate again and PM me the entire output of the tail command above so that I can see what is occurring.
Thank you!
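An added example (not part of either post, and not Nagios code): "unable to get local issuer certificate" means the verifier could not build a path from the server's certificate to a CA it trusts, so a saved `s_client -showcerts` capture can be split and the leaf verified against the CA file that was uploaded. The function names, file layout and the demo PKI built by `make_demo_chain` are assumptions constructed for illustration.

```bash
# Added example, not from the thread. Function names and file layout are assumptions.

# split_chain CAPTURE OUTDIR: write each PEM certificate found in saved
# `openssl s_client -showcerts` output to OUTDIR/cert-N.pem and print the count.
# cert-1.pem is the server's own certificate (TLS sends the leaf first).
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }' "$1"
}

# show_chain OUTDIR: print subject and issuer of every certificate the server sent.
show_chain() {
    for c in "$1"/cert-*.pem; do
        openssl x509 -in "$c" -noout -subject -issuer
    done
}

# verify_leaf CA_BUNDLE OUTDIR: verify cert-1.pem against CA_BUNDLE, offering all
# server-sent certificates as untrusted intermediates. Prints openssl's verdict.
verify_leaf() {
    cat "$2"/cert-*.pem > "$2/sent.pem"
    openssl verify -CAfile "$1" -untrusted "$2/sent.pem" "$2/cert-1.pem" 2>&1
}

# make_demo_chain DIR: constructed sample data only (root -> sub CA -> DC leaf)
# plus a fake capture in DIR/capture.txt, so the functions can be tried offline.
make_demo_chain() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root CA' \
        -keyout "$d/root.key" -out "$d/root.pem"
    for n in sub dc; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr"
    done
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/sub.pem"
    openssl x509 -req -in "$d/dc.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
        -CAcreateserial -days 2 -out "$d/dc.pem"
    { echo 'Certificate chain'; cat "$d/dc.pem" "$d/sub.pem"; } > "$d/capture.txt"
} >/dev/null 2>&1
```

Against a real capture, run `split_chain` on the saved output, compare the issuer lines from `show_chain` with the subjects of the uploaded CA certificates, then run `verify_leaf` with the CA file the LDAP client is configured to use.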
Re: AD with SSL/TLS unable to authenticate
Sent you a pm
John
Re: AD with SSL/TLS unable to authenticate
Sent a reply, please check your PMs.
Thank you!