Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
trouble connecting to ldap ssl 636
« previous
next »
Print
Pages: [
1
]
Author
Topic: trouble connecting to ldap ssl 636 (Read 4291 times)
thorstensd
Newbie
Posts: 9
Karma: 1
trouble connecting to ldap ssl 636
«
on:
July 06, 2020, 08:31:37 am »
Hello,
I`m having trouble to connect to my Active Directory with LDAP over SSL on Port 636:
opnsense: LDAP bind error [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate),Can't contact LDAP server]
I was copying the certificate given by
openssl s_client -connect ad.domain.intern:636 -showcerts
to system->trust->authorities-> add -> certificate data
Still the same problem. After hours of googling and testing, I do not have any further ideas where the problem comes from.
My used Version is 20.1.3
Any help would be appreciated.
Best regards, Thorsten
«
Last Edit: July 08, 2020, 08:56:55 am by thorstensd
»
Logged
thorstensd
Newbie
Posts: 9
Karma: 1
Re: trouble connecting to ldap ssl 636
«
Reply #1 on:
July 08, 2020, 09:13:56 am »
I`m still working on this Problem, depeding to the situation, that Microsoft will stop LDAP without SSL in future.
I have also tested now to add the certificate of my ldap Server to:
to system->trust-> certificate
but no effect.
Is there maybe a possibility to deactivate the check of the certificate and oly accept it.
I found in older versions by using Google, comments, that I have to add the certificate as the peer certificate of the ldap Server. On Version 20.1 it seams this function is not available anymore - could that be the Problem?
Thank you very much.
Logged
thorstensd
Newbie
Posts: 9
Karma: 1
Re: trouble connecting to ldap ssl 636
«
Reply #2 on:
July 08, 2020, 02:28:31 pm »
For anybody else in future having this kind of problem - I found 2 solutions.
1. I´m using a Windows certificate autority inside my network. In all Infos I found in the web, there was single information missing. The one and only thing you need to do (if you Microsoft Authority is up and running), is to put you internal public CA certificate into system -> trust -> authority (only data field needed). Make a reboot of opensense and it will work (in my case).
2. solution, use the HA-Bridge, I found a very simple instruction and it is working exactly how its written in this documentation:
https://www.routerperformance.net/opnsense-bypass-ldaps-errors-via-haproxy/
Logged
odelreym
Newbie
Posts: 1
Karma: 0
Re: trouble connecting to ldap ssl 636
«
Reply #3 on:
August 10, 2020, 11:16:35 pm »
Hey thorstensd
I'm trying to connect an OPNSense to an AD (in Azure) and I'm having the same problem as you had
What do you mean when you say?
"The one and only thing you need to do (if you Microsoft Authority is up and running), is to put you internal public CA certificate into system -> trust -> authority (only data field needed)"
Is it not the same as doing
openssl s_client -connect ad.domain.intern:636 -showcerts
and to import the CA into the trust->authority?
Thanks in advance
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
trouble connecting to ldap ssl 636