Hello,

I have a production environment that uses Active Directory Authentication Source. I just upgraded to 12.1 from version 8 and noticed this select mode option "SSL Verify Mode".

I can't find much on the documentation about this field. I set it to NONE and I use LDAPS with port 636: everything works fine.

I have my Domain Controller LDAP CA certificate and I want packetfence to check server side LDAPS certificate. I see a tab with "Certificates", but there are some client side certificate options and if I try to add the CA it doesn't work, so maybe not what I'm looking for. If I set the option "SSL Verify Mode" to REQUIRE then in the log I see a fail in certificate checking and the source is not working anymore.

I installed the CA certificate on the server in /usr/local/share/ca-certificates and run update-ca-certificates, and now Debian OS has the CA, but the certificate check fails anyway if the field is set to REQUIRE.

I'm actually just curious: is there any explanation about the "SSL Verify Mode" I may have missed on how should it work? The fact there is an OPTIONAL setting it make me think it is about client side cert and not server side check. Am I right?

Regards,
Massimiliano Ballerini

--
Massimiliano Ballerini
Laboratori Guglielmo Marconi
Via Porrettana, 123 - 40037 Pontecchio Marconi (BO)
e-mail: massimiliano.baller...@labs.it
web: http://www.labs.it
mob: +39 349 2600513



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to