- Purple, 4500 points or more
I am having an issue getting CUPS to properly support LDAP Authentication with SSL.
CUCM version 6.1(3)
CUPS version 7.0(2)
LDAP Solution: Microsoft Active Directory 2003
I have been able to get CUCM and CUPS to authenticate against LDAP using port 389 (non-SSL). I am also able to get CUCM to authenticate using port 636 (SSL). However, CUPS does not work correctly when the LDAP authentication on CUCM is configured to use SSL. I have uploaded the same root certificate to CUCM and CUPS. I have tested with https://cucmserver/ccmuser and https://cupsserver/ccmuser as well as with Unified Personal Communicator. LDAP works and LDAP over SSL does not.
I ran a network capture on both the CUCM and CUPS servers. In both traces, the transactions are basically the same:
1. tcp handshake (syn syn ack)
2. cucm/cups --> LDAP (Client Hello)
3. some exchange of TCP messages (same on both traces)
4. LDAP --> cucm/cups (Server Hello, Certificate, Certificate Request, Server Hello Done)
It is at this point where things are different. With CUCM, the CUCM server initiates client key exchange. With CUPS, the server sends an alert message (Alert: level fatal, Internal Error (80)).
So, I am somewhat at a loss. Obviously the issue is with the certificate and it is also obvious that CUPS wants a different certificate than what I have loaded on CUCM. I have loaded the exact same certificate file on both. I have generated separate certificates, I have also downloaded the CUCM version of the cert and imported it into CUPS. All to no avail.
Any thoughts on what could be wrong? Am I supposed to use a different certificate? (note: the certificate is the root CA for the DC server) Any logs/traces/etc. that I can look at to see what the "internal error" is?
Thanks and regards,