Firepower 1120 LDAPS not working but LDAP is.

I am able to log in through our Firepower 1120 via VPN if I run LDAP through our AD.

If I run LDAPS instead it does not work.
See the attachment.

8 Replies

Cristian Matei
VIP Alumni

Hi,

Your problem is either that the remote LDAP server does NOT run LDAPS (the service is not available/open, hence the error message), or that port 636 is filtered somewhere along the path and the packets never reach the LDAPS server.

Regards,

Cristian Matei.

Looks like you're running 6.5.x from the screenshot, so you can make sure the cert is added if that is the case.
You can also use the Windows LDAPS tool to verify the connection to your server on 636.

Rahul Govindan
VIP Alumni

What version of FTD is this? Starting from 6.5, the FTD needs to trust the certificate presented by the LDAPS server. On 6.4 and below, this trust was not enforced. If you are on 6.5 and above, you need to install the CA certificate of the LDAPS server on the FTD as a cert enrollment object.
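The two replies above describe the two failure modes behind "LDAP works, LDAPS does not": either TCP 636 is closed or filtered on the way to the domain controller, or the FTD (6.5 and later) does not trust the certificate the LDAPS server presents. The script below is an added example, not Cisco code and not part of this thread; it opens a TLS session to the LDAPS port exactly as a client would and sorts the outcome into those causes. The host name `dc01.example.local` and the CA file path are placeholders; `ca_file` should point at the PEM bundle of the CA that issued the domain controller's certificate, the same CA you would import as a cert enrollment object on the FTD, so a `trusted` result here is a good sign that the import will satisfy the FTD's check.

```python
"""Reachability and trust check for an LDAPS endpoint (TCP 636).

Added example with placeholder host/CA values, not Cisco or Microsoft code.
It answers two questions a defender asks before touching the FTD config:
  1. Can I reach the LDAPS port at all (closed vs filtered vs listening)?
  2. Does the presented certificate chain to the CA I intend to import?
"""
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional


def classify_error(exc: BaseException) -> str:
    """Map a connection/TLS failure onto the root causes discussed in the thread."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "untrusted-cert"   # server cert does not chain to our CA bundle
    if isinstance(exc, ssl.SSLError):
        return "tls-error"        # port answers, but not with a usable TLS handshake
    if isinstance(exc, ConnectionRefusedError):
        return "port-closed"      # nothing listening on 636 (LDAPS not enabled)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"         # packets dropped somewhere along the path
    if isinstance(exc, OSError):
        return "unreachable"      # DNS, routing, or host down
    return "unknown"


def check_ldaps(host: str, port: int = 636, ca_file: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Connect like an LDAPS client and report what a verifying client sees.

    ca_file: PEM bundle with the issuing CA (placeholder path in the usage below);
    None falls back to the local system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True            # the FTD connects by host name, so do we
    ctx.verify_mode = ssl.CERT_REQUIRED  # refuse unverifiable certs, as FTD 6.5+ does
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except Exception as exc:  # classify every failure instead of crashing
        return {"ok": False, "status": classify_error(exc), "detail": str(exc)}

    # getpeercert() gives RDN tuples; flatten them to plain dicts for reporting.
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "ok": True,
        "status": "trusted",
        "subject": subject,
        "issuer": issuer,
        "expires": not_after.isoformat(),
        "expired": not_after < datetime.now(timezone.utc),
    }


if __name__ == "__main__":
    import json
    import sys
    # Placeholder values: replace with your domain controller and CA bundle.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.local"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None  # e.g. "enterprise-root-ca.pem"
    print(json.dumps(check_ldaps(target, ca_file=bundle), indent=2))
```

Run it once with `ca_file=None` and once with the CA bundle you plan to import: `port-closed` or `filtered` means the problem is on the network or the domain controller (Cristian's case), while `untrusted-cert` with the default store but `trusted` with your bundle confirms that importing that CA as a cert enrollment object on the FTD is the fix (Rahul's case).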

Hi Rahul,

do I understand correctly that I have to install the Root CA certificate of the LDAPS server in objects/pki/cert enrollment and add it to devices/certificate on the FTD device?

Regards,

That is correct. Unfortunately, this is not obvious from the FMC configuration. 

Hello,

How can I install the Root CA of the LDAPS server into Cert Enrollment? Do you have any manuals?

Thanks

Did you resolve this issue? 
