Cisco Support Community

unable to configure ssl connection UCS Central to openldap

Hello. I successfully configured LDAP authorization on my UCS Central machine, but I am unable to upgrade the connection to SSL or TLS. This is what I did:

  1. checked the SSL checkbox and changed the port to 636 (tried both 389 and 636);
  2. in the certificates section, created a new trusted point with my self-signed root CA certificate;
  3. also created a second trusted point with the certification chain of the openldap server: the certificate of the openldap server, then the self-signed CA certificate.

When I try to log in to UCS Central via the web with the LDAP domain, I get this on the openldap side:

slapd[12638]: conn=1008 fd=19 closed (TLS negotiation failure)

My openldap server gives the correct answer to "openssl s_client -connect openldap.domain.tld:636 -showcerts -state" with the full chain of certificates: the CA certificate, then the server certificate, which is the same as the one I imported into UCS Central. The DNS name of the openldap server in the UCS Central configuration is the same as the CN in the openldap server certificate.

Where is my mistake? How can I debug LDAP SSL to the console or syslog from UCS Central for troubleshooting? My UCS Central version is 1.2(1a).
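The script below is an added example written for this thread, not something posted by the original author or shipped by Cisco. It reproduces with the openssl CLI the two conditions a TLS client such as UCS Central needs before an LDAPS or STARTTLS handshake can complete: the server certificate must chain to the CA held in the trusted point, and its name must match the hostname configured for the LDAP provider. The CA and server certificates are constructed on the fly so it runs offline; it assumes the openssl binary is installed, and the hostname openldap.domain.tld is taken from the question.

```shell
#!/bin/sh
# Added example: offline reproduction of the trust-chain and hostname checks
# a TLS client applies to an LDAP server certificate. Constructed test data;
# assumes the openssl CLI is available.

set -u

# make_chain DIR CA_CN SERVER_CN
# Creates a self-signed root CA and a server certificate signed by it.
make_chain() {
  dir=$1; ca_cn=$2; srv_cn=$3
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" -subj "/CN=$ca_cn" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" -subj "/CN=$srv_cn" >/dev/null 2>&1
  # subjectAltName is what modern TLS clients match the LDAP hostname against
  printf 'subjectAltName=DNS:%s\n' "$srv_cn" > "$dir/san.cnf"
  openssl x509 -req -days 1 -in "$dir/srv.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/san.cnf" -out "$dir/srv.pem" >/dev/null 2>&1
}

# verify_ldap_server_cert CA_FILE SERVER_CERT HOSTNAME
# Returns 0 only if SERVER_CERT chains to CA_FILE (the trusted point) and is
# valid for HOSTNAME (the name configured for the LDAP provider).
verify_ldap_server_cert() {
  ca=$1; cert=$2; host=$3
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "chain check failed: $cert does not chain to $ca"
    return 1
  fi
  # 'openssl x509 -checkhost' reports the result on stdout, so grep it
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "hostname check failed: $cert is not valid for $host"
    return 2
  fi
  echo "ok: $cert chains to $ca and matches $host"
  return 0
}

# Constructed demo data: the CA that really issued the server certificate, and
# an unrelated CA standing in for a wrong certificate imported as trusted point.
WORK=${TMPDIR:-/tmp}/ldap-tls-demo.$$
make_chain "$WORK/good" "Lab Root CA" "openldap.domain.tld"
make_chain "$WORK/other" "Unrelated CA" "openldap.domain.tld"

# 1. Correct trusted point and correct hostname: passes
verify_ldap_server_cert "$WORK/good/ca.pem" "$WORK/good/srv.pem" "openldap.domain.tld"
# 2. Trusted point holds a CA that did not sign the server certificate: fails
verify_ldap_server_cert "$WORK/other/ca.pem" "$WORK/good/srv.pem" "openldap.domain.tld"
# 3. Correct CA, but the provider is configured with a different hostname: fails
verify_ldap_server_cert "$WORK/good/ca.pem" "$WORK/good/srv.pem" "ldap.other.tld"
```

Run it with `sh`. Cases 2 and 3 are the two mistakes that produce exactly the symptom in the question: a client that rejects the server certificate aborts the handshake on its side, so all slapd ever sees is a connection closed during TLS negotiation. To apply the same checks to a real server, save the chain printed by `openssl s_client -showcerts` to a file and run `verify_ldap_server_cert` with the CA certificate that was imported into the trusted point.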

2 REPLIES

Today I've deployed new host

Today I've deployed a new host with UCS Central and made the same configuration for LDAP authorization on this new host. I didn't touch any other options, only the LDAP configuration. It works with the SSL checkbox and successfully connects to the same openldap server with the STARTTLS protocol.

So I guess my openldap server is fine and I have something wrong in my current UCS Central config, but I can't find the issue. How can I do it?


raven428c,

Did you ever figure this out?
