I have been able to force NSSProtocol to TLSv1.2 on the web service of this IPA server in the nss.conf. But I am receiving a Threat Assessment Hit (SecureWorks) that TLSv1.0 is open on port 636/TCP. I attempted to manually edit the /etc/dirsrv/slapd-<domain>/dse.ldif file, but once I made that change it broke the 389 Directory and it would not start.
What is the proper way to change the overall openssl configuration to set the ssl_min to TLSv1.2?
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
I have 12 freeipa servers deployed with integrated DNS and CA (realm and domain int.example.com).
I would like to make a DNS round-robin, for instance:
request ldap.int.example.com and forward to one of the servers and also an external domain ldap.example.com
The problem is with the certificate: the TLS handshake fails because there's no alternative name with ldap.int.example.com or ldap.example.com.
I read the Red Hat documentation about certificate manipulation, but I got very confused about how it actually works.
How can I do that? Is there another recommendation?
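The handshake failure described in the post above comes from hostname verification: the client compares the name it connected to against the DNS entries in the server certificate's subjectAltName. The following is an added example, not part of the original posts, that audits which replicas would fail for the round-robin names; the replica host names and certificate contents are constructed, in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: audit replica certificates for the round-robin names.
# Replica host names and SAN lists below are constructed sample data.

ROUND_ROBIN_NAMES = ["ldap.int.example.com", "ldap.example.com"]

# Shape matches ssl.SSLSocket.getpeercert(): subjectAltName is a tuple of (type, value).
SAMPLE_CERTS = {
    "ipa01.int.example.com": {
        "subjectAltName": (("DNS", "ipa01.int.example.com"),)},
    "ipa02.int.example.com": {
        "subjectAltName": (("DNS", "ipa02.int.example.com"),
                           ("DNS", "ldap.int.example.com"),
                           ("DNS", "ldap.example.com"))},
    "ipa03.int.example.com": {
        "subjectAltName": (("DNS", "*.int.example.com"),)},
}


def name_matches(pattern, hostname):
    """RFC 6125-style comparison: a wildcard may only be the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_names(cert, wanted):
    """Return the names in `wanted` that no DNS SAN entry of `cert` covers."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [w for w in wanted if not any(name_matches(s, w) for s in sans)]


def audit(certs, wanted):
    """Map each replica to the round-robin names its certificate is missing."""
    report = {}
    for host, cert in certs.items():
        missing = uncovered_names(cert, wanted)
        if missing:
            report[host] = missing
    return report


if __name__ == "__main__":
    for host, missing in audit(SAMPLE_CERTS, ROUND_ROBIN_NAMES).items():
        print(f"{host}: clients using {', '.join(missing)} will fail verification")
```

Every replica behind the round-robin record has to pass this check, because a client cannot know in advance which server the DNS answer will send it to.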