Hello. I successfully configured LDAP authorization on my UCS Central machine, but I am unable to upgrade the connection to SSL or TLS. This is what I did:
- checked the SSL checkbox, changed the port to 636 (tried both 389 and 636);
- in the certificates section I created a new trusted point with my root CA self-signed certificate;
- I also created a second trusted point with the certificate chain of the OpenLDAP server: the OpenLDAP server certificate, then the CA self-signed certificate.
When I try to log in to UCS Central via the web with the LDAP domain, I get on the OpenLDAP side:
slapd: conn=1008 fd=19 closed (TLS negotiation failure)
My OpenLDAP server gives the correct answer to "openssl s_client -connect openldap.domain.tld:636 -showcerts -state", with the full chain of certificates: CA certificate, then server certificate, which is the same one I imported into UCS Central. The DNS name of the OpenLDAP server in the UCS Central configuration is the same as the CN in the OpenLDAP server certificate.
Where is my mistake? How can I debug LDAP SSL to the console or syslog from UCS Central for troubleshooting? My UCS Central version is 1.2(1a).
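An added example, not part of the original post: an offline sanity check of the chain (leaf order, trust to the root CA, hostname match) before it is loaded into a trusted point, assuming only the openssl CLI and using a constructed throwaway CA whose file names and hostnames are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Offline checks on an LDAPS
# certificate chain before it is loaded into a UCS Central trusted point.
# Assumes the openssl CLI; paths and hostnames are placeholders.

# check_ldaps_chain CHAIN.pem CA.pem HOSTNAME
# Returns 0 when the first (leaf) certificate in CHAIN.pem verifies against
# CA.pem and carries HOSTNAME in its SAN or CN; prints the reason otherwise.
check_ldaps_chain() {
    chain="$1" ca="$2" host="$3"
    leaf=$(mktemp)
    # openssl x509 reads only the first certificate: the leaf must come first,
    # which is also the order "openssl s_client -showcerts" prints the chain.
    if ! openssl x509 -in "$chain" -out "$leaf" 2>/dev/null; then
        echo "no PEM certificate at the top of $chain"; rm -f "$leaf"; return 1
    fi
    # Does the leaf chain up to the trusted root CA (the first trusted point)?
    if ! openssl verify -CAfile "$ca" -untrusted "$chain" "$leaf" >/dev/null 2>&1; then
        echo "leaf does not chain to $ca"; rm -f "$leaf"; return 1
    fi
    # Does the configured DNS name match the certificate (SAN first, then CN)?
    if ! openssl x509 -in "$leaf" -noout -checkhost "$host" | grep -q "does match"; then
        echo "certificate does not match hostname $host"; rm -f "$leaf"; return 1
    fi
    rm -f "$leaf"
    echo "chain OK for $host"
}

# make_test_pki DIR HOSTNAME: constructed throwaway CA and server certificate
# (demonstration only) mirroring the self-signed root CA plus slapd certificate
# described in the post, written out leaf-then-CA as chain.pem.
make_test_pki() {
    dir="$1" host="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -extfile "$dir/ext.cnf" -out "$dir/srv.pem" >/dev/null 2>&1
    cat "$dir/srv.pem" "$dir/ca.pem" > "$dir/chain.pem"
}

# Usage: check_ldaps_chain /path/to/chain.pem /path/to/root-ca.pem openldap.domain.tld
```

Run the check against the chain captured with the s_client command above and the root CA file loaded into the first trusted point; a hostname or chain-order mismatch is reported before slapd ever sees a handshake.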