Trying to set up SSL AD integration and I get the below error. Can you please help resolve it?
Unable to authenticate: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (EE certificate key too weak)
SSL AD Integration
Re: SSL AD Integration
What OS/version is your XI system running?
The SSL settings on the XI system likely don't allow it.
Code:
uname -a
cat /etc/*release
php -v
A proper fix would be to regenerate the cert/key on your domain controller with a stronger certificate key to match what the newer XI server OS is requiring but there is likely a method to reduce the security level on the XI server OS (not something I generally recommend but may be needed in certain situations where you can't/don't want to update the domain controller's cert).
PM the full output of this command as well:
- Change X.X.X.X to the IP or DNS name of your domain controller
Code:
echo 'DONE' | openssl s_client -showcerts -connect X.X.X.X:636
Re: SSL AD Integration
Code:
# cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
Red Hat Enterprise Linux release 8.5 (Ootpa)
Red Hat Enterprise Linux release 8.5 (Ootpa)
# php -v
PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
ssax wrote: What OS/version is your XI system running?
The SSL settings on the XI system likely don't allow it.
Code:
uname -a
cat /etc/*release
php -v
A proper fix would be to regenerate the cert/key on your domain controller with a stronger certificate key to match what the newer XI server OS is requiring but there is likely a method to reduce the security level on the XI server OS (not something I generally recommend but may be needed in certain situations where you can't/don't want to update the domain controller's cert).
PM the full output of this command as well:
- Change X.X.X.X to the IP or DNS name of your domain controller
Code:
echo 'DONE' | openssl s_client -showcerts -connect X.X.X.X:636
Re: SSL AD Integration
I'm not sure you'll be able to, you could try doing this:
See here:
https://access.redhat.com/articles/3666211
Code:
update-crypto-policies --set LEGACY
reboot
Re: SSL AD Integration
Any updates on this issue? I am running into an identical problem on RHEL 8. Tried legacy mode: update-crypto-policies --set LEGACY. Certificates from the AD seem to be working fine for the rest of the organization.
Re: SSL AD Integration
@basbb, I claimed the ticket you submitted and requested more information.
@mcockram did that resolve the issue for you or are you still having issues?
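Added example, not posted by anyone in this thread: a shell check for the condition behind the "EE certificate key too weak" error, grading the key size shown by `openssl x509 -noout -text` against OpenSSL's documented security levels 1 and 2. The helper names (`key_verdict`, `leaf_text`, `sample_text`), the `dc01.example.test` sample and the mapping of the RHEL 8 DEFAULT policy to level 2 and LEGACY to level 1 are assumptions.

```shell
#!/bin/sh
# Added example: grade a certificate's public key against OpenSSL security levels.
# Level 2 (112-bit security): RSA/DSA/DH >= 2048 bits, EC >= 224 bits
# Level 1 (80-bit security):  RSA/DSA/DH >= 1024 bits, EC >= 160 bits
# Assumption: RHEL 8 DEFAULT runs OpenSSL at level 2, LEGACY at level 1.

# Reads `openssl x509 -noout -text` output on stdin.
# Exit status: 0 = passes level 2, 1 = weaker than level 2, 2 = key size not found.
key_verdict() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ && !bits {
            bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits); bits += 0
        }
        END {
            if (!bits) { print "UNKNOWN: no key size in input"; exit 2 }
            ec = (alg ~ /ecPublicKey/)
            l1 = ec ? 160 : 1024
            l2 = ec ? 224 : 2048
            if (bits >= l2)      v = "OK for level 2"
            else if (bits >= l1) v = "WEAK: level 1 only"
            else                 v = "REJECTED: below level 1"
            printf "%s %d-bit: %s\n", alg, bits, v
            exit (bits >= l2 ? 0 : 1)
        }'
}

# Fetch the end-entity certificate a server presents on LDAPS and dump it as text.
# $1 = host name or IP of the domain controller (needs network access; not run here).
leaf_text() {
    openssl s_client -connect "$1:636" </dev/null 2>/dev/null | openssl x509 -noout -text
}

# Constructed sample of the relevant `openssl x509 -text` lines (not a real certificate).
sample_text() {  # $1 = public key algorithm, $2 = key size in bits
    cat <<EOF
        Subject: CN = dc01.example.test
        Subject Public Key Info:
            Public Key Algorithm: $1
                Public-Key: ($2 bit)
EOF
}

# Demo on the constructed sample: a 1024-bit RSA key fails level 2.
sample_text rsaEncryption 1024 | key_verdict || true
```

Against a live domain controller the same check is `leaf_text X.X.X.X | key_verdict`, with X.X.X.X replaced as in the posts above.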