> On Tue, Mar 17, 2020 at 11:17:34AM -0000, Hristina Marosevic wrote: > .... > > Hi, > > I'm sorry, I haven't read one of your earlier emails carefully enough, > please do not use "certificate_verification = no_ocsp, no_verification" > but only > > certificate_verification = no_verification > > 'no_ocsp' implies verification but without OCSP so using both options is > an inconsistency. > > bye, > Sumit
Besides this, I thought of another scenario which may help me validate the certificate. I can add certificate_verification=no_ocsp instead of certificate_verification=no_verification in [sssd] section of sssd.conf file, and store the trust on the server - in that case, where should I store the trust and is it enought just to provide the root CA certificate, or it is needed to store the intermediate CAs certificates? Also, in which format? If this won't work, I really have no idea of any other options for testing the PKI based authentication, so if you have any other ideas, I will appreciate if you share it. Thank you for your help! _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
