27 Nov
2019
27 Nov
'19
5:59 a.m.
On (27/11/19 13:31), Todor Petkov wrote:
On Thu, Nov 21, 2019 at 10:56 AM Jakub Hrozek jhrozek@redhat.com wrote:
IIRC the reqcert option only allows you to suppress the CA chain verification, so the cert doesn't then have to be signed by a trusted CA. But it still has to have the key usage bits set to allow for TLS server usage.
Hello, even with reqcert set to never, I still get errors. Same sssd.conf works on CentOS. I will look into it further.
Does "curl --cacert ./path/to/ca/crt ldaps://ldap.$yourhostname" works on debian ? Because it might be related to different system defaults on debian-10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788#14
LS