Hello,
I have a production environment that uses Active Directory
Authentication Source. I just upgraded to 12.1 from version 8 and
noticed this select mode option "SSL Verify Mode".
I can't find much on the documentation about this field. I set it to
NONE and I use LDAPS with port 636: everything works fine.
I have my Domain Controller LDAP CA certificate and I want packetfence
to check server side LDAPS certificate. I see a tab with "Certificates",
but there are some client side certificate options and if I try to add
the CA it doesn't work, so maybe not what I'm looking for.
If I set the option "SSL Verify Mode" to REQUIRE then in the log I see a
fail in certificate checking and the source is not working anymore.
I installed the CA certificate on the server in
/usr/local/share/ca-certificates and run update-ca-certificates, and now
Debian OS has the CA, but the certificate check fails anyway if the
field is set to REQUIRE.
I'm actually just curious: is there any explanation about the "SSL
Verify Mode" I may have missed on how should it work? The fact there is
an OPTIONAL setting it make me think it is about client side cert and
not server side check. Am I right?
Regards,
Massimiliano Ballerini
--
Massimiliano Ballerini
Laboratori Guglielmo Marconi
Via Porrettana, 123 - 40037 Pontecchio Marconi (BO)
e-mail: massimiliano.baller...@labs.it
web: http://www.labs.it
mob: +39 349 2600513
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
