×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

unable to configure ssl connection UCS Central to openldap

Unanswered Question
Nov 13th, 2014
User Badges:

Hello. I sucessfully configured ldap authorization on my UCS Central machine, but unable to upgrade connection to SSL or TLS. That I did:

  1. checked ssl checkbox, changed port to 636 (tried both 389 and 636);
  2. at certificates section I created new trusted point with my root CA self-signed certificate;
  3. also I created second trusted point with certification chain of openldap server: certificate of openldap server, then CA self signed certificate.

When I trying to login to UCS Central via web with ldap domain I got on the openldap side: 

slapd[12638]: conn=1008 fd=19 closed (TLS negotiation failure)

My openldap server shows correct answer on "openssl s_client -connect openldap.domain.tld:636 -showcerts -state" with full chain of certificates: CA certificate, then server certificate, which is same as I imported to UCS Central. The DNS name of openldap server in UCS Central configuration is same as CN in openldap server certificate.

Where is my mistake? How can I debug ldap ssl to console or syslog from UCS Central for troubleshooting? My ucs central version is 1.2(1a).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
raven428c Mon, 11/17/2014 - 10:20
User Badges:

Today I've deployed new host with UCS Central and I made same configuration for ldap authorization at this new host. I didn't touch any other options - only ldap configuration. It works with SSL checkbox and successfully connects to same openldap server with STARTTLS protocol.

So I guess my openldap server is fine and I have something wrong in my current UCS Central config, but I can't discover this issue. How can I do it?

Actions

This Discussion