unable to configure ssl connection UCS Central to openldap

raven428c
Level 1

Hello. I successfully configured LDAP authorization on my UCS Central machine, but I am unable to upgrade the connection to SSL or TLS. This is what I did:

  1. checked the SSL checkbox and changed the port to 636 (tried both 389 and 636);
  2. in the certificates section I created a new trusted point with my self-signed root CA certificate;
  3. I also created a second trusted point with the certificate chain of the OpenLDAP server: the OpenLDAP server certificate, then the self-signed CA certificate.

When I try to log in to UCS Central via the web with the LDAP domain, I get this on the OpenLDAP side:

slapd[12638]: conn=1008 fd=19 closed (TLS negotiation failure)

My OpenLDAP server gives the correct answer to "openssl s_client -connect openldap.domain.tld:636 -showcerts -state", with the full chain of certificates: the CA certificate, then the server certificate, which is the same one I imported into UCS Central. The DNS name of the OpenLDAP server in the UCS Central configuration is the same as the CN in the OpenLDAP server certificate.

Where is my mistake? How can I debug LDAP SSL to the console or syslog from UCS Central for troubleshooting? My UCS Central version is 1.2(1a).

2 Replies

raven428c
Level 1

Today I deployed a new host with UCS Central and made the same LDAP authorization configuration on this new host. I didn't touch any other options, only the LDAP configuration. It works with the SSL checkbox and successfully connects to the same OpenLDAP server with the STARTTLS protocol.

So I guess my OpenLDAP server is fine and I have something wrong in my current UCS Central config, but I can't track down the issue. How can I do that?

raven428c,

Did you ever figure this out?
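The "TLS negotiation failure" in the first post, together with the later finding that a fresh install talks to the same server with STARTTLS, points at two things worth checking from the client side: whether the port is being spoken as LDAPS (TLS from the first byte on 636) or as plain LDAP upgraded with STARTTLS (389), and whether the chain actually verifies against the root CA that was imported as a trusted point. The script below is an added example, not from the original thread or from Cisco; it extends the poster's manual openssl check with CA and hostname verification in both modes. The hostname, port and CA file path are placeholders, and the `-starttls ldap` and `-verify_hostname` options assume OpenSSL 1.1.0 or newer.

```shell
#!/bin/sh
# Added example (not from the thread): probe an OpenLDAP server's TLS setup
# the way a strict client such as UCS Central would, in LDAPS or STARTTLS mode.

# Map the LDAP port to the TLS mode a client must use on it.
ldap_tls_mode() {
  case "$1" in
    636) echo "ldaps" ;;      # TLS handshake immediately on connect
    389) echo "starttls" ;;   # plain LDAP, upgraded with the StartTLS extended op
    *)   echo "unknown" ;;
  esac
}

# Extra s_client flags needed for that mode (none for LDAPS).
ldap_tls_args() {
  case "$(ldap_tls_mode "$1")" in
    starttls) echo "-starttls ldap" ;;
    ldaps)    echo "" ;;
    *)        return 1 ;;
  esac
}

# Read an s_client transcript on stdin; succeed only if the chain verified.
verify_ok() {
  grep -q 'Verify return code: 0 (ok)'
}

# Connect, verify the chain against the trusted root, and check that the
# name the client is configured with matches the leaf certificate (CN/SAN).
# Usage: check_ldap_tls openldap.domain.tld 636 /path/to/rootca.pem  (placeholders)
check_ldap_tls() {
  host=$1; port=$2; cafile=$3
  args=$(ldap_tls_args "$port") || { echo "unsupported port $port"; return 2; }
  # -verify_return_error turns a chain/hostname failure into a handshake
  # failure, which is what the server logs as "TLS negotiation failure".
  out=$(openssl s_client -connect "$host:$port" $args -servername "$host" \
          -CAfile "$cafile" -verify_hostname "$host" -verify_return_error \
          -showcerts </dev/null 2>&1)
  if printf '%s\n' "$out" | verify_ok; then
    echo "OK: $(ldap_tls_mode "$port") to $host:$port verified against $cafile"
  else
    echo "FAIL on $host:$port ($(ldap_tls_mode "$port")):"
    printf '%s\n' "$out" | grep -Ei 'verify error|Verify return code|alert|error' | head -5
    return 1
  fi
}
```

Running it once against 636 and once against 389 shows which mode the server actually accepts and whether the imported root CA is sufficient to build the chain; a failure with a "depth" verify error here reproduces the server-side log line without any UCS Central debugging.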
