<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic FTD Unknown CA when used for Active Authentication against non-AD LDAP in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/ftd-unknown-ca-when-used-for-active-authentication-against-non/m-p/4271882#M1077269</link>
    <description>&lt;P&gt;Hello community,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I am trying to use the Captive Portal with an FMC/FTD deployment that is at version 6.6.1.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I got the Realm configured and downloaded the users, using the DigiCert root CA as a trusted CA since the LDAP certificate is a wildcard certificate issued by DigiCert.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I have configured the Identity policy and Access Control policy and I get to the point where I trigger the Captive Portal redirect and I get the user credentials prompt.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;After I enter the credentials, the FTD appliance (not the FMC) is trying to verify/bind with the LDAP and fails the TLS negotiation with an Unknown CA error (attached error info from a Wireshark capture). On the LDAP side, the debugging shows the exact same error. The FTD appliance is the one issuing the Unknown CA message.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Has anyone faced the same issue? Does anyone know of a way to upload Trusted CAs onto the FTD appliance? The Device Certificate section is for adding device certificates which were issued by a CA.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you,&lt;/P&gt;&lt;P&gt;Razvan&lt;/P&gt;</description>
    <pubDate>Wed, 13 Jan 2021 20:06:49 GMT</pubDate>
    <dc:creator>Razvan A.</dc:creator>
    <dc:date>2021-01-13T20:06:49Z</dc:date>
    <item>
      <title>FTD Unknown CA when used for Active Authentication against non-AD LDAP</title>
      <link>https://community.cisco.com/t5/network-security/ftd-unknown-ca-when-used-for-active-authentication-against-non/m-p/4271882#M1077269</link>
      <description>&lt;P&gt;Hello community,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I am trying to use the Captive Portal with an FMC/FTD deployment that is at version 6.6.1.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I got the Realm configured and downloaded the users, using the DigiCert root CA as a trusted CA since the LDAP certificate is a wildcard certificate issued by DigiCert.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I have configured the Identity policy and Access Control policy and I get to the point where I trigger the Captive Portal redirect and I get the user credentials prompt.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;After I enter the credentials, the FTD appliance (not the FMC) is trying to verify/bind with the LDAP and fails the TLS negotiation with an Unknown CA error (attached error info from a Wireshark capture). On the LDAP side, the debugging shows the exact same error. The FTD appliance is the one issuing the Unknown CA message.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Has anyone faced the same issue? Does anyone know of a way to upload Trusted CAs onto the FTD appliance? The Device Certificate section is for adding device certificates which were issued by a CA.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you,&lt;/P&gt;&lt;P&gt;Razvan&lt;/P&gt;</description>
      <pubDate>Wed, 13 Jan 2021 20:06:49 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/ftd-unknown-ca-when-used-for-active-authentication-against-non/m-p/4271882#M1077269</guid>
      <dc:creator>Razvan A.</dc:creator>
      <dc:date>2021-01-13T20:06:49Z</dc:date>
    </item>
  </channel>
</rss>

