Attempting to change our AD integration from non-secure to SSL to solve the Microsoft Channel binding issues. We are on XI version 5.7.4. I have the root cert installed, the sub cert installed and DC cert installed. When I enable SSL/TLS or STARTTLS my AD users are no longer able to sign in to Nagios. Alternatively, as a test I tried to add an AD user with SSL/TLS and STARTTLS set and I get an "unable to authenticate: TLS error -8179:Peer's certificate issuer is not recognized."
I have successfully used these exact same certificates on other systems with no issues. What is needed here to fix this?
Screen shot of error:
Trying to implement AD integration with SSL
-
tcanthonyii
- Posts: 88
- Joined: Thu Jan 21, 2016 10:45 am
-
tcanthonyii
- Posts: 88
- Joined: Thu Jan 21, 2016 10:45 am
Re: Trying to implement AD integration with SSL
Here is what the certificates looked like with redacted host names:
-
tcanthonyii
- Posts: 88
- Joined: Thu Jan 21, 2016 10:45 am
Re: Trying to implement AD integration with SSL
This can be closed. I found another post that referenced this:
Try adding this to your /etc/openldap/ldap.conf:
    TLS_REQCERT allow
Then restart apache and try again:
    service httpd restart
See if that allows it to work.
I did the same and it's now working for me.
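Added example, not part of any post in this thread: with `TLS_REQCERT allow` the LDAP client continues even when the server certificate fails validation, so the alternative is to keep `demand` and point `TLS_CACERT` at the chain that issued the DC certificate. The script below audits an ldap.conf for that setting; the sample files and the path `/etc/openldap/certs/ad-chain.pem` are constructed for illustration.

```shell
#!/bin/sh
# Audit an OpenLDAP client config for weakened TLS certificate checking.

# Print "REQCERT=<level> CA=<path-or-none>" for the given ldap.conf.
# Keywords are matched case-insensitively; a later line overrides an earlier one.
ldap_tls_summary() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        {
            key = toupper($1)
            if (key == "TLS_REQCERT") req = tolower($2)
            if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") ca = $2
        }
        END {
            if (req == "") req = "demand"        # client default when unset
            if (ca == "")  ca = "none"
            printf "REQCERT=%s CA=%s\n", req, ca
        }
    ' "$1"
}

# Return 0 only for demand/hard, the levels that require a valid server cert.
ldap_tls_enforced() {
    case "$(ldap_tls_summary "$1")" in
        REQCERT=demand\ *|REQCERT=hard\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (hypothetical paths, not from the thread's system).
demo_dir=$(mktemp -d)
printf '%s\n' '# workaround quoted in the thread' 'TLS_REQCERT allow' \
    > "$demo_dir/workaround.conf"
printf '%s\n' 'TLS_CACERT /etc/openldap/certs/ad-chain.pem' 'tls_reqcert demand' \
    > "$demo_dir/hardened.conf"

for f in "$demo_dir/workaround.conf" "$demo_dir/hardened.conf"; do
    if ldap_tls_enforced "$f"; then status=enforced; else status=NOT-enforced; fi
    echo "$(basename "$f"): $(ldap_tls_summary "$f") -> $status"
done
```

Run `ldap_tls_summary /etc/openldap/ldap.conf` on the Nagios XI host to see the effective values; per-user `ldaprc` files and `LDAPTLS_*` environment variables can still override them.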
Re: Trying to implement AD integration with SSL
Let us know if you have any related questions or if we're okay to lock this up and mark it as resolved.
-
tcanthonyii
- Posts: 88
- Joined: Thu Jan 21, 2016 10:45 am
Re: Trying to implement AD integration with SSL
Please resolve.