https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859726#M1101862 <P>Hey Aref,</P><P>&nbsp;</P><P>Thanks for the reply. SSL uses port 636 but TLS uses 389 using STARTTLS, so that's not the issue. It had something to do with the root cert I was uploading, wish I could say what it was but it finally took and is working properly.&nbsp;</P><P>&nbsp;</P><P>Thanks!</P> Wed, 21 Jun 2023 17:37:17 GMT jbeach44 2023-06-21T17:37:17Z https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4858909#M1101796 <P>Hello,</P><P>I am using the following guide to set up AD external authentication over TLS and getting the following error:</P><P>&nbsp;</P><P><SPAN>Opening connection to LDAP server - XXXXXXXXXX:389 - ldap</SPAN><BR /><SPAN>Current TLS Require Cert: 4</SPAN><BR /><SPAN>Current TLS CACERTFILE: /var/tmp/HsmvFZQrBM/temp0.pem</SPAN><BR /><STRONG>Failed to issue StartTLS instruction: Connect error - -11</STRONG><BR /><SPAN>The directory server is up XXXXXXXXXX:389</SPAN></P><P>The hostname field is set up to match the certificate installed on the DC and I am uploading the Root certificate as base64 PEM format. Not sure what the issue is, anyone run into this?</P><P>&nbsp;</P><P>Thanks!</P> Tue, 20 Jun 2023 17:46:39 GMT https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4858909#M1101796 jbeach44 2023-06-20T17:46:39Z https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859719#M1101861 <P>On the provided output I see the negotiation is happening on port 389 which is the traditional unencrypted LDAP port, not the LDAPS port. LDAPS runs on port 636 by default.</P> Wed, 21 Jun 2023 17:16:48 GMT https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859719#M1101861 Aref Alsouqi 2023-06-21T17:16:48Z https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859726#M1101862 <P>Hey Aref,</P><P>&nbsp;</P><P>Thanks for the reply. SSL uses port 636 but TLS uses 389 using STARTTLS, so that's not the issue. It had something to do with the root cert I was uploading, wish I could say what it was but it finally took and is working properly.&nbsp;</P><P>&nbsp;</P><P>Thanks!</P> Wed, 21 Jun 2023 17:37:17 GMT https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859726#M1101862 jbeach44 2023-06-21T17:37:17Z https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859730#M1101863 <P>Can I know what is issue with root cert.</P> <P>Thanks alot&nbsp;</P> <P>MHM</P> Wed, 21 Jun 2023 17:41:02 GMT https://community.cisco.com/t5/network-security/fmc-external-ad-authentication-over-tls/m-p/4859730#M1101863 MHM Cisco World 2023-06-21T17:41:02Z