Hi,

Can you please send me the profile, the keystore you created and the output of:

openssl s_client -connect server:636 -showcerts < /dev/null

Thanks!

----- Original Message -----
> From: "Steve Dainard" <sdain...@spd1.com>
> To: "users" <users@ovirt.org>
> Sent: Tuesday, October 6, 2015 11:50:41 PM
> Subject: [ovirt-users] LDAP authentication with TLS
>
> Hello,
>
> Trying to configure Ovirt 3.5.3.1-1.el7.centos for LDAP authentication.
>
> I've configured the appropriate aaa profile but I'm getting TLS errors
> when I search for users to add via ovirt:
>
> The connection reader was unable to successfully complete TLS
> negotiation: javax_net_ssl_SSLHandshakeException:
> sun_security_validator_ValidatorException: No trusted certificate
> found caused by sun_security_validator_ValidatorException: No trusted
> certificate found
>
> I added the external CA certificate using keytool as per
> https://github.com/oVirt/ovirt-engine-extension-aaa-ldap with
> appropriate adjustments of course:
>
> keytool -importcert -noprompt -trustcacerts -alias myrootca \
> -file myrootca.pem -keystore myrootca.jks -storepass changeit
>
> I know this certificate works, and can connect to LDAP with TLS as I'm
> using the same LDAP configuration/certificate with SSSD.
>
> Can anyone clarify whether I should be adding the external CA
> certificate or the LDAP host certificate with keytool or any other
> suggestions?
>
> Thanks,
> Steve
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users