Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

I don't know what did you downloaded. It should be CA used to sign the LDAP services on AD. If it's CA created by AD SSL, you can get it for example as follows: 1. Press "Start" -> "Run" and write "cmd" and press "Enter". 2. Extract the CA certificate using the following command: ``` >

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

I do this already. The CA certificate that i download is fine also for ldap? Nick 2017-10-11 14:56 GMT+02:00 Ondra Machacek : > You can download it just a temporary, for example to /tmp. > Then aaa-setup-tool wil create jks file in /etc/ovirt-engine/aaa/ directory. > After

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

You can download it just a temporary, for example to /tmp. Then aaa-setup-tool wil create jks file in /etc/ovirt-engine/aaa/ directory. After that you can remove the CA file and keep just jks file. On Wed, Oct 11, 2017 at 2:37 PM, nicola gentile wrote: > Yes I

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

Yes I created by aaa-setup tool. I noticed that the CA certificate was expired, than I download new certificate and I run aaa-setup tool. is there a specific place to put the certificate file ca? I put in root home. Thank a lot Nick 2017-10-11 14:18 GMT+02:00 Ondra Machacek

Re: [ovirt-users] Fwd: ovirt-engine-extension-aaa-ldap active directory

It fails on SSL handshake: sun.security.validator.ValidatorException: No trusted certificate found How did you create 'polito.it.jks' file? By aaa-setup tool? Are use sure you've entered correct CA certificate there? On Wed, Oct 11, 2017 at 1:30 PM, nicola gentile