Author Topic: [Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL (Read 3166 times)

hbc · « **on:** March 11, 2019, 12:27:28 pm »

Anybody else having issues with ldap as authentication server and using encrypted connections?

I made the update to 19.7.3 this morning and ldap with startTLS worked. After upgrade no authentication possible any more. I also tried SSL but neither works.

Changelog:

Quote

system: improve LDAPS mode and related authentication cleanups

Quote

opnsense: Could not startTLS on ldap connection [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate),Connect error]

Edit:
Changed from StartTLS to SSL and vice versa. Changed hostnames of ldap from subjectAlternative to main and back. Everything configured like before.

I do not know why, but now it works again. Very strange. All certificates in chain had been imported. Else I would say a cache has been deleted during upgrade and certificates got just fetched by a cron during my tests.

franco · « **Reply #1 on:** March 11, 2019, 03:26:34 pm »

Worst case it required a reoobt, best case a reconfigure as we don't do that automatically on upgrade. Some files were moved and function calls replaced.

Cheers,
Franco

Author Topic: [Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL (Read 3166 times)

hbc

[Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL

franco

Re: [Solved?] OPNsense 19.7.3 LDAP StartTLS/SSL