Short answer: You are using an invalid SSL certificate.
Longer Answer: SSL server certificates must be capable of key exchange.
The cert you are using may be a signing only certificate. This would
make it a perfectly good cert for client authentication. It would also
make it an acceptable certificate for DHE_ type diffie Hellman server
operations. It does not work for RSA SSL server operations. You need to
either 1) don't the key usage extension, or 2) specify Key Encipherment
(or Key Exchange). The problem is that the MSADCA by default issues
these types of certificates, presumably because all of the MS clients
are configured to "just work" with them.
Darjo Gregoric wrote:
Hi,
I have a problem with AD sync. I have established synchronization without
SSL and works fine, but when I use SSL, connection is not established and I
receive error:
Simple bind failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape
Portable Runtime error -8179 (Peer's Certificate issuer is not recognized.)
AD machine name is suzy.
I have exported CA and imported it on Directory server.
Certutil -L -d . gives:
CA certificate CTu,u,u
suzy CT,,
Server-Cert u,u,u
Did i miss something?
Is there any HOW TO for this type of configuration?
Regards
Darjo
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users