FTD Unknown CA when used for Active Authentication against non-AD LDAP

Razvan A.
Level 1

Hello community,

I am trying to use the Captive Portal with an FMC/FTD deployment that is at version 6.6.1.

I got the Realm configured and downloaded the users, using the Digicert root CA as a trusted CA since the LDAP certificate is a wildcard certificate issued by Digicert.

I have configured the Identity policy and Access Control policy and I get to the point where I trigger the Captive Portal redirect and I get the user credentials prompt.

After I enter the credentials, the FTD appliance (not the FMC) is trying to verify/bind with the LDAP and fails the TLS negotiation with an Unknown CA error (attached error info from a Wireshark capture). On the LDAP side, the debugging shows the exact same error. The FTD appliance is the one issuing the Unknown CA message.

Has anyone faced the same issue? Does anyone know of a way to upload Trusted CAs onto the FTD appliance? The Device Certificate section is for adding device certificates which were issued by a CA.

Thank you,

Razvan

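A TLS "Unknown CA" alert sent by the client, as described in the post above, means the client could not build a trust path from the certificate the LDAP server presented to a CA it trusts. Public CAs issue end-entity (including wildcard) certificates from an intermediate CA rather than from the root, so a client that trusts only the root still needs the intermediate, either sent by the server in the handshake or installed alongside the root. The following is an added example, not code from the original post or from Cisco, that reproduces this offline with the openssl CLI: a throwaway root, intermediate and wildcard leaf are constructed here with hypothetical names, and the leaf is verified against the root alone, against root plus intermediate, and against a bundle of both. The show_server_chain function shows how to see what a real LDAPS server presents; it is not run here because it needs network access.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: reproduce an "Unknown CA" trust-path
# failure offline with the openssl CLI. Root, intermediate and wildcard leaf below
# are constructed here with hypothetical names. Requires the openssl command.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build root CA -> intermediate CA -> wildcard server certificate, the shape in
# which public CAs issue end-entity certificates (the root does not sign leaves).
make_chain() {
  if [ -f "$WORK/leaf.pem" ]; then return 0; fi     # already built
  (
    cd "$WORK" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    # Self-signed root, extensions given explicitly so no openssl.cnf defaults apply.
    openssl req -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
      -subj "/CN=Example Root CA" 2>/dev/null || exit 1
    openssl x509 -req -in root.csr -signkey root.key -out root.pem \
      -days 2 -extfile ca.ext 2>/dev/null || exit 1
    # Intermediate CA issued by the root.
    openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
      -subj "/CN=Example Intermediate CA" 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -out int.pem -days 2 -extfile ca.ext 2>/dev/null || exit 1
    # Wildcard server (LDAPS) certificate issued by the intermediate.
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=*.ldap.example.test" 2>/dev/null || exit 1
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:*.ldap.example.test\n' > leaf.ext
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -out leaf.pem -days 2 -extfile leaf.ext 2>/dev/null || exit 1
    # What a client must hold if the server never sends its intermediate: root + issuing CA.
    cat root.pem int.pem > bundle.pem
  )
}

# verify_leaf ANCHOR [UNTRUSTED]: verify the leaf against a trust-anchor file,
# optionally supplying an untrusted intermediate (what a well-configured server
# sends in the handshake). Exit status is openssl's: 0 only for a complete path.
verify_leaf() {
  if [ $# -ge 2 ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$WORK/leaf.pem"
  else
    openssl verify -CAfile "$1" "$WORK/leaf.pem"
  fi
}

# chain_status ANCHOR [UNTRUSTED]: prints "complete" or "incomplete".
chain_status() {
  if verify_leaf "$@" >/dev/null 2>&1; then echo complete; else echo incomplete; fi
}

# show_server_chain HOST [PORT]: against a live LDAPS endpoint (not run here, it
# needs network access) print each certificate the server presents (s: subject,
# i: issuer) and openssl's own verdict. A single certificate whose issuer is an
# intermediate means the server is not sending its chain; add -CAfile <your CA>
# to the s_client command to test the exact trust anchor installed on the client.
show_server_chain() {
  host=$1; port=${2:-636}
  openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null |
    grep -E '^ *[0-9]+ s:|^ *i:|Verify return code'
}

if make_chain; then
  echo "root only:           $(chain_status "$WORK/root.pem")"                    # incomplete
  echo "root + intermediate: $(chain_status "$WORK/root.pem" "$WORK/int.pem")"    # complete
  echo "root+int bundle:     $(chain_status "$WORK/bundle.pem")"                  # complete
fi
```

The "root only" case is the one that produces an Unknown CA alert on the wire: the verifier holds the root, the server presents only a leaf signed by an intermediate, and no path can be built. Either the server must send the intermediate, or the client's trust store must contain it together with the root (the bundle case).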