On Tue, Nov 19, 2019 at 09:38:55AM +0200, Todor Petkov wrote:
> Hello,
>
> I am trying to configure sssd authentication on Debian 10.2, sssd
> 1.16.3, against 389-ds with self-signed certificate.
>
> In /etc/sssd/sssd.conf I have the line "ldap_tls_reqcert = never"
> line, but when I start sssd manually on the command line, it says "
> [sss_ldap_init_sys_connect_done] (0x0020): ldap_install_tls failed:
> [Connect error] [Key usage violation in certificate has been
> detected.]"
>
> Can someone give me a hint how to teach sssd to ignore the certificate?

IIRC the reqcert option only allows you to suppress the CA chain verification, so the cert doesn't then have to be signed by a trusted CA. But it still has to have the key usage bits set to allow for TLS server usage.

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
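
A check for the point made in the reply above, added here as an example and not part of the original thread: it reads the extension section of `openssl x509 -noout -text` output and reports whether the keyUsage and extendedKeyUsage values permit TLS server use. The sample texts are constructed, and the rule applied (digitalSignature or keyEncipherment, plus serverAuth when an EKU is present, following RFC 5280) is an assumption about what the client's TLS library enforces.

```python
import re
import sys

# Constructed sample: extension section as printed by `openssl x509 -noout -text`
# for a self-signed certificate marked for CA use only (not from the thread).
SAMPLE_CA_ONLY = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
"""

# Constructed sample: certificate whose usage bits allow TLS server use.
SAMPLE_SERVER = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
"""

def _values(text, name):
    """Return the values printed under an extension header, or None if absent."""
    m = re.search(r"^\s*X509v3 " + re.escape(name) + r":[^\n]*\n\s*([^\n]+)",
                  text, re.M)
    return None if m is None else {v.strip() for v in m.group(1).split(",")}

def tls_server_problems(text):
    """List reasons the certificate is unsuitable as a TLS server certificate."""
    problems = []
    ku = _values(text, "Key Usage")
    eku = _values(text, "Extended Key Usage")
    # RFC 5280: an absent extension places no restriction; a present one is binding.
    if ku is not None and not ku & {"Digital Signature", "Key Encipherment"}:
        problems.append("keyUsage lacks digitalSignature/keyEncipherment: "
                        + ", ".join(sorted(ku)))
    if eku is not None and not eku & {"TLS Web Server Authentication",
                                      "Any Extended Key Usage"}:
        problems.append("extendedKeyUsage lacks serverAuth: "
                        + ", ".join(sorted(eku)))
    return problems

if __name__ == "__main__":
    # Pass a file holding the openssl text output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CA_ONLY
    for line in tls_server_problems(text) or ["key usage permits TLS server use"]:
        print(line)
```

A certificate that fails this check needs to be reissued with suitable usage bits; `ldap_tls_reqcert = never` does not change the result.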