OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: hbc on March 11, 2019, 12:27:28 pm

Title: [Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL
Post by: hbc on March 11, 2019, 12:27:28 pm
Anybody else having issues with LDAP as an authentication server and using encrypted connections?

I made the update to 19.7.3 this morning and LDAP with StartTLS worked. After the upgrade, no authentication is possible any more. I also tried SSL, but neither works.

Changelog:
Quote
system: improve LDAPS mode and related authentication cleanups

Quote
opnsense: Could not startTLS on ldap connection [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate),Connect error]

Edit:
Changed from StartTLS to SSL and vice versa. Changed hostnames of ldap from subjectAlternative to main and back. Everything configured like before.

I do not know why, but now it works again. Very strange. All certificates in chain had been imported. Else I would say a cache has been deleted during upgrade and certificates got just fetched by a cron during my tests.

Title: Re: [Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL
Post by: franco on March 11, 2019, 03:26:34 pm
Worst case it required a reboot, best case a reconfigure as we don't do that automatically on upgrade. Some files were moved and function calls replaced.


Cheers,
Franco