OPNsense Forum » Archive » 20.1 Legacy Series » trouble connecting to ldap ssl 636
Topic: trouble connecting to ldap ssl 636 (Read 4277 times)
thorstensd (Newbie, Posts: 9, Karma: 1)
trouble connecting to ldap ssl 636 « on: July 06, 2020, 08:31:37 am »
Hello,
I'm having trouble connecting to my Active Directory with LDAP over SSL on port 636:
opnsense: LDAP bind error [error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate),Can't contact LDAP server]
I copied the certificate given by
openssl s_client -connect ad.domain.intern:636 -showcerts
to System -> Trust -> Authorities -> Add -> Certificate data.
Still the same problem. After hours of googling and testing, I have no further ideas about where the problem comes from.
The version I'm using is 20.1.3.
Any help would be appreciated.
Best regards, Thorsten
« Last Edit: July 08, 2020, 08:56:55 am by thorstensd »
thorstensd (Newbie, Posts: 9, Karma: 1)
Re: trouble connecting to ldap ssl 636 « Reply #1 on: July 08, 2020, 09:13:56 am »
I'm still working on this problem, given that Microsoft will stop LDAP without SSL in the future.
I have now also tested adding the certificate of my LDAP server to
System -> Trust -> Certificates,
but with no effect.
Is there maybe a possibility to deactivate the check of the certificate and only accept it?
Using Google, I found comments that in older versions I have to add the certificate as the peer certificate of the LDAP server. On version 20.1 it seems this function is not available anymore - could that be the problem?
Thank you very much.
thorstensd (Newbie, Posts: 9, Karma: 1)
Re: trouble connecting to ldap ssl 636 « Reply #2 on: July 08, 2020, 02:28:31 pm »
For anybody else having this kind of problem in the future - I found 2 solutions.
1. I'm using a Windows certificate authority inside my network. In all the info I found on the web, a single piece of information was missing. The one and only thing you need to do (if your Microsoft authority is up and running) is to put your internal public CA certificate into System -> Trust -> Authorities (only the data field is needed). Reboot OPNsense and it will work (in my case).
2. Second solution: use the HA-Bridge. I found a very simple instruction and it is working exactly as written in this documentation:
https://www.routerperformance.net/opnsense-bypass-ldaps-errors-via-haproxy/
odelreym (Newbie, Posts: 1, Karma: 0)
Re: trouble connecting to ldap ssl 636 « Reply #3 on: August 10, 2020, 11:16:35 pm »
Hey thorstensd,
I'm trying to connect an OPNsense to an AD (in Azure) and I'm having the same problem as you had.
What do you mean when you say:
"The one and only thing you need to do (if you Microsoft Authority is up and running), is to put you internal public CA certificate into system -> trust -> authority (only data field needed)"
Is it not the same as doing
openssl s_client -connect ad.domain.intern:636 -showcerts
and importing the CA into Trust -> Authorities?
Thanks in advance
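Reply #2 says the fix is to trust the internal CA certificate rather than the server's own certificate, and Reply #3 asks whether pasting the `-showcerts` output is the same thing. The script below is an added example, not code from the thread or from OPNsense: it builds a constructed test CA and a server certificate for the hypothetical host ad.domain.intern, reproduces the "unable to get local issuer certificate" failure when only the server certificate is trusted, shows the check passing once the CA is trusted, and picks the CA block out of a -showcerts-style bundle. It assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread or OPNsense): reproduce the
# "unable to get local issuer certificate" failure offline with a constructed
# test PKI, then show that trusting the issuing CA, not the server's own
# certificate, is what makes verification succeed.
WORK=$(mktemp -d)

# Constructed PKI: an internal CA (stand-in for the thread's Windows CA) and a
# server certificate it issued for the hypothetical host ad.domain.intern.
make_test_pki() {
  [ -f "$WORK/ad.pem" ] && return 0
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Internal Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ad.domain.intern" \
    -keyout "$WORK/ad.key" -out "$WORK/ad.csr" >/dev/null 2>&1
  openssl x509 -req -days 2 -in "$WORK/ad.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/ad.pem" >/dev/null 2>&1
  # What `openssl s_client -showcerts` prints when the server sends its chain:
  cat "$WORK/ad.pem" "$WORK/ca.pem" > "$WORK/showcerts.pem"
}

# verify_with <trust.pem> <server.pem>: exit 0 when the server certificate
# chains to a trust anchor in <trust.pem>. This is the check the LDAP client
# performs during the ldaps:// bind on port 636.
verify_with() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# is_ca <cert.pem>: print 1 if the certificate carries CA:TRUE, else 0.
is_ca() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then echo 1; else echo 0; fi
}

# find_ca_in_bundle <bundle.pem>: split a PEM bundle and print the path of the
# first CA certificate, the block to paste into System -> Trust -> Authorities.
find_ca_in_bundle() {
  awk -v d="$WORK" '/BEGIN CERT/{n++; f=d "/part-" n ".pem"} f{print > f} /END CERT/{close(f); f=""}' "$1"
  for p in "$WORK"/part-*.pem; do
    [ "$(is_ca "$p")" = 1 ] && { echo "$p"; return 0; }
  done
  return 1
}

make_test_pki
verify_with "$WORK/ad.pem" "$WORK/ad.pem" || echo "server cert alone trusted: verify FAILED (the error in the thread)"
verify_with "$WORK/ca.pem" "$WORK/ad.pem" && echo "issuing CA trusted: verify OK"
echo "CA block to import: $(find_ca_in_bundle "$WORK/showcerts.pem")"
```

Against a real server, feed the output of `openssl s_client -connect ad.domain.intern:636 -showcerts` to find_ca_in_bundle; if it prints nothing, the server only sent its leaf certificate and the CA certificate must be exported from the CA itself.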