On (27/11/19 13:31), Todor Petkov wrote: >On Thu, Nov 21, 2019 at 10:56 AM Jakub Hrozek <[email protected]> wrote: >> IIRC the reqcert option only allows you to suppress the CA chain >> verification, so the cert doesn't then have to be signed by a trusted >> CA. But it still has to have the key usage bits set to allow for TLS >> server usage. > >Hello, >even with reqcert set to never, I still get errors. Same sssd.conf >works on CentOS. >I will look into it further. >
Does "curl --cacert ./path/to/ca/crt ldaps://ldap.$yourhostname" works on debian ? Because it might be related to different system defaults on debian-10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788#14 LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
