Certificate failure when binding LDAPS with ACS 5.5

Hi all,

I am integrating ACS with Secure LDAP and receive the following error when I do the Test Bind to Server: 'Connection test bind Failed: certificate not found'. On the DC I receive the following error: 'EventID 36887 with AlertDesc 46'.

The certificates (the full chain starting with the root certificate) are however installed on the server and can be viewed under 'Users and Identity Stores - Certificate Authorities', along with the DC certificate.

The same certificate chain is working as expected with Sourcefire so I do not believe there is something wrong with the certificate itself.

Any idea what could be wrong?

1 REPLY

What you can do in order to help mitigate if this is a cert issue is try to use openssl to connect to the LDAPS port. You can use a Linux box if you have one handy and run this command found here:

  • Check an SSL connection. All the certificates (including intermediates) should be displayed:
    openssl s_client -connect www.paypal.com:443

Using PayPal as an example, you should see the entire chain. Verify that the root CA trails the list of certs and make sure that is what you are using in order to build your LDAPS connection.

(Refer to the site: http://www.sslshopper.com/article-most-common-openssl-commands.html)

Also check the following example:

http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bb5132.shtml
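
The chain check from the reply above, pointed at an LDAPS port instead of a web site, as an added example that is not part of the original thread. The `check_chain` and `sample_chain` helpers, the host name `dc01.example.test` and the sample output are constructed for illustration; the issuer it reports as not sent is the certificate the client's trust store has to contain.

```shell
#!/usr/bin/env bash
# Added example. Live use (host name is an assumption, 636 is the LDAPS port):
#   openssl s_client -connect dc01.example.test:636 -showcerts </dev/null 2>/dev/null | check_chain

# Read `openssl s_client` output on stdin and walk its "Certificate chain" summary.
# Exit 0: every link matches and the last certificate is self-signed (root was sent).
# Exit 1: links match but the root was not sent; prints the issuer the client must trust.
# Exit 2: no chain found, or issuer of cert N is not the subject of cert N+1.
check_chain() {
  awk '
    BEGIN                      { n = 0 }
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }   # exact match: PEM armor also starts with dashes
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n - 1] = $0; next }
    END {
      if (n == 0) { print "no certificate chain in input"; exit 2 }
      for (k = 0; k < n - 1; k++)
        if (iss[k] != subj[k + 1]) {
          printf "broken link: cert %d issuer \"%s\" != cert %d subject \"%s\"\n", k, iss[k], k + 1, subj[k + 1]
          exit 2
        }
      if (iss[n - 1] == subj[n - 1]) { print "complete: root sent: " subj[n - 1]; exit 0 }
      print "root not sent; trust store needs: " iss[n - 1]
      exit 1
    }'
}

# Constructed s_client output (not captured from a real server).
# With the argument "with-root" the server also sends the self-signed root.
sample_chain() {
  printf '%s\n' 'CONNECTED(00000003)' '---' 'Certificate chain' \
    ' 0 s:CN = dc01.example.test' '   i:CN = Example Issuing CA' \
    '-----BEGIN CERTIFICATE-----' '(elided)' '-----END CERTIFICATE-----' \
    ' 1 s:CN = Example Issuing CA' '   i:CN = Example Root CA'
  if [ "${1:-}" = with-root ]; then
    printf '%s\n' ' 2 s:CN = Example Root CA' '   i:CN = Example Root CA'
  fi
  printf '%s\n' '---' 'Server certificate'
}

sample_chain | check_chain || true      # server stops at the intermediate
sample_chain with-root | check_chain    # server sends the full chain
```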
