Certificate failure when binding LDAPS with ACS 5.5

frodestra
Level 1

Hi all,

I am integrating ACS with Secure LDAP and receive the following error when I do the Test Bind to Server: 'Connection test bind Failed: certificate not found'. On the DC I receive the following error: 'EventID 36887 with AlertDesc 46'.

The certificates (the full chain starting with the root certificate) are however installed on the server and can be viewed under 'Users and Identity Stores - Certificate Authorities', along with DC certificate.

The same certificate chain is working as expected with Sourcefire so I do not believe there is something wrong with the certificate itself.

Any idea what could be wrong?

1 Reply

minkumar
Level 1

What you can do in order to help mitigate if this is a cert issue is try to use openssl to connect to the ldaps port. You can use a linux box if you have one handy and run this command found here:

  • Check an SSL connection. All the certificates (including intermediates) should be displayed:
    openssl s_client -connect www.paypal.com:443

Using PayPal as an example, you should see the entire chain; verify that the root CA trails the list of certs and make sure that is what you are using in order to build your LDAPS connection.

(refer to the site: http://www.sslshopper.com/article-most-common-openssl-commands.html)

Also check the following example:

http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bb5132.shtml
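The s_client check from the reply, turned into a small script that pulls the chain from the LDAPS port and confirms the order the reply asks for (each certificate issued by the next one, root CA trailing the list). This is an added example, not code from the thread; it assumes openssl is installed, and "dc01.example.test" is a placeholder for your domain controller.

```shell
# Added example, not from the thread: pull the certificate chain an LDAPS server
# presents and check its order. Assumes openssl is installed; "dc01.example.test"
# below is a placeholder for your domain controller.

# Capture the PEM certificates the server sends in the TLS handshake. This is
# the reply's s_client check, pointed at the LDAPS port (636) instead of 443.
fetch_chain() {                           # usage: fetch_chain host port > chain.pem
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
        | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/'
}

# Print the k-th PEM certificate from a bundle (1-based).
nth_cert() {                              # usage: nth_cert bundle.pem k
    awk -v k="$2" '/-----BEGIN CERTIFICATE-----/ {c++}
                   c == k {print}
                   /-----END CERTIFICATE-----/ && c == k {exit}' "$1"
}

# Walk the bundle in the order the server sent it and print subject and issuer
# for each certificate. Returns 0 when every certificate was issued by the one
# that follows it and the last one is self-signed (the root CA trails the list);
# returns 1 on a gap in the chain or a missing root.
check_chain() {                           # usage: check_chain bundle.pem
    bundle=$1
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    i=1
    prev_issuer=
    while [ "$i" -le "$n" ]; do
        subject=$(nth_cert "$bundle" "$i" | openssl x509 -noout -subject | sed 's/^subject= *//')
        issuer=$(nth_cert "$bundle" "$i" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
        echo "[$i] subject: $subject"
        echo "    issuer : $issuer"
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "chain break: certificate $((i - 1)) was not issued by certificate $i" >&2
            return 1
        fi
        prev_issuer=$issuer
        i=$((i + 1))
    done
    if [ "$n" -eq 0 ] || [ "$subject" != "$issuer" ]; then
        echo "chain does not end in a self-signed root CA; import the full chain" >&2
        return 1
    fi
}

# Example use against a real server (placeholder host):
#   fetch_chain dc01.example.test 636 > chain.pem && check_chain chain.pem
```

If check_chain reports a break or a missing root, compare that output with the chain imported under 'Users and Identity Stores - Certificate Authorities' before looking elsewhere.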
