All,

We have been struggling with a recent patch from Ubuntu that broke encrypted connections between some of our internal servers.

Long story short: Ubuntu now uses GNU-TLS and the latest security patch has removed support for SHA-1. Error messages in Ubuntu or in LDAP were not explicit enough to make it obvious.

Some of you may face this issue between RADIUS and LDAP (still used quite a bit for 802.1X). This issue will most likely affect internally issued infrastructure certificates!

Fix: Do not patch GNU-TLS (is this a good idea?) or recreate your ROOT CA to support SHA-2 family.

Hope this helps. Chad (ANYROAM’s CTO) pulled whatever hairs he had left on this one, so we felt like sharing :)

If you have more info on this, please share.

Philippe

Philippe Hanset, CEO
www.anyroam.net
Operator of eduroam-US
+1 (865) 236-0770
GPG key id: 0xF2636F9C
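One way to find certificates affected by the change described in the message above, as an added example that is not part of the original email: it reads the outer signatureAlgorithm OID of every certificate in a PEM bundle and reports those signed with SHA-1. The function names and the sample bundle are assumptions constructed for illustration; point `sha1_signed` at the bytes of your own CA and server certificate files.

```python
import base64
import re

# Signature-algorithm OIDs that rely on SHA-1.
SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10040.4.3": "dsa-with-sha1",
                 "1.2.840.10045.4.1": "ecdsa-with-SHA1"}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):  # returns (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(der):  # dotted OID of Certificate.signatureAlgorithm
    _, start, _ = read_tlv(der, 0)               # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)         # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, s, e = read_tlv(der, alg_start)         # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("not an X.509 certificate")
    arcs, value = [der[s] // 40, der[s] % 40], 0
    for b in der[s + 1:e]:                       # remaining arcs are base-128
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def sha1_signed(pem_bundle):
    """Return [(position in bundle, algorithm name)] for certificates signed with SHA-1."""
    hits = []
    for i, m in enumerate(PEM_RE.finditer(pem_bundle)):
        oid = signature_oid(base64.b64decode(m.group(1)))
        if oid in SHA1_SIG_OIDS:
            hits.append((i, SHA1_SIG_OIDS[oid]))
    return hits

# Constructed sample: DER skeletons with only the fields the parser reads, not real certificates.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body

def sample_cert(oid_hex):
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0x05, b""))
    der = _tlv(0x30, _tlv(0x30, _tlv(0x02, b"\x01")) + alg + _tlv(0x03, b"\x00"))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der) + b"\n-----END CERTIFICATE-----\n"

# First entry uses sha256WithRSAEncryption, second uses sha1WithRSAEncryption.
SAMPLE_BUNDLE = sample_cert("2a864886f70d01010b") + sample_cert("2a864886f70d010105")
```

Run it over the whole chain a server presents, not just the leaf, since an internally issued intermediate signed with SHA-1 fails the same way.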