OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: michaelsage on November 01, 2024, 11:03:36 AM

Title: Connecting to AD for VPN Authentication
Post by: michaelsage on November 01, 2024, 11:03:36 AM
Hi,

This was working until recently. I thought I'd found an issue with a cert, but it turns out that wasn't the issue. I am trying to authenticate against Windows AD (functional level 2016). Everything looks OK, certs and config, but when I use the tester, I get the following error:

LDAP bind error [error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak); Can't contact LDAP server]

I don't really know where to look. For now I have set our VPN to use local users but I'd like to go back to AD if possible. Any ideas?

Thanks!
Title: Re: Connecting to AD for VPN Authentication
Post by: Patrick M. Hausen on November 01, 2024, 11:50:42 AM
You can use stunnel to connect to your DC over LDAPS (port 636), ignoring cert validity, and present an unencrypted LDAP socket at 127.0.0.1:389. Then use this for OpenVPN. No unencrypted packet leaves the firewall.

I got tired of messing with the idiosyncrasies of Windows and certificates. Has been running stably for years.
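The setup Patrick describes, written out as an added example (this is not Patrick's configuration and not part of OPNsense or stunnel itself): a shell function that emits a minimal stunnel client configuration wrapping plain LDAP on 127.0.0.1:389 in TLS towards the DC's port 636 with certificate verification switched off, plus a helper that shows which certificate in the DC's chain carries the weak signature. The DC name dc01.example.com, the pid/log paths and the config location are placeholders; stunnel's `client`, `accept`, `connect`, `verifyChain` and `verifyPeer` options are real, and if you use the OPNsense stunnel plugin rather than a hand-written stunnel.conf the same settings apply in its form fields.

```shell
#!/bin/sh
# Added example, not from the thread: stunnel as an LDAP -> LDAPS wrapper.
# dc01.example.com and the file paths below are placeholders.

# Print an stunnel.conf for the wrapper.
#   $1  DC host or IP listening on 636
#   $2  local port to expose plain LDAP on (default 389)
stunnel_ldap_conf() {
    dc="$1"
    lport="${2:-389}"
    cat <<EOF
; stunnel client wrapper for AD LDAPS (placeholder paths)
foreground = no
pid = /var/run/stunnel-ldaps.pid
debug = 5
output = /var/log/stunnel-ldaps.log

[ldaps]
client = yes
; bind to loopback only so the plaintext LDAP side never leaves the box
accept = 127.0.0.1:${lport}
connect = ${dc}:636
; no certificate verification: this sidesteps the "CA signature digest
; algorithm too weak" failure, but it also means the DC is not authenticated
verifyChain = no
verifyPeer = no
EOF
}

# Show the subject and signature algorithm of every certificate the DC
# presents, so you can see which one is SHA-1/MD5 signed. Needs network
# access to the DC; it is a diagnostic, not part of the wrapper itself.
check_dc_chain() {
    openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null \
      | openssl crl2pkcs7 -nocrl -certfile /dev/stdin \
      | openssl pkcs7 -print_certs -text -noout \
      | grep -E 'Subject:|Signature Algorithm'
}

# Usage (placeholder path):
#   stunnel_ldap_conf dc01.example.com > /usr/local/etc/stunnel/stunnel.conf
#   check_dc_chain dc01.example.com
```

After starting stunnel, point the OPNsense LDAP authentication server at host 127.0.0.1, port 389, with SSL/TLS disabled; the bind and password traffic still leaves the firewall only inside the stunnel TLS session. The caveat a practitioner should keep in mind: the original error means a certificate in the DC's chain (usually the issuing or root CA) is signed with SHA-1 or MD5, which OpenSSL 3 rejects at its default security level. Turning verification off makes the failure go away, but stunnel then accepts any certificate, so an on-path attacker between the firewall and the DC could impersonate the DC and collect the bind credentials. The durable fix is to reissue the CA certificate with SHA-256; the wrapper is a pragmatic interim step.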
Title: Re: Connecting to AD for VPN Authentication
Post by: michaelsage on November 01, 2024, 03:55:11 PM
That sounds interesting. I'll take a look. Thanks!
Title: Re: Connecting to AD for VPN Authentication
Post by: michaelsage on November 01, 2024, 04:04:11 PM
Well, that took about 2 minutes to get working! Thank you very much!