unable to configure ssl connection UCS Central to openldap

raven428c
Level 1

Hello. I successfully configured LDAP authorization on my UCS Central machine, but I am unable to upgrade the connection to SSL or TLS. This is what I did:

  1. checked the SSL checkbox and changed the port to 636 (tried both 389 and 636);
  2. in the certificates section I created a new trusted point with my self-signed root CA certificate;
  3. I also created a second trusted point with the certificate chain of the OpenLDAP server: the certificate of the OpenLDAP server, then the self-signed CA certificate.

When I try to log in to UCS Central via the web with the LDAP domain, I get this on the OpenLDAP side:

slapd[12638]: conn=1008 fd=19 closed (TLS negotiation failure)

My OpenLDAP server gives the correct answer to "openssl s_client -connect openldap.domain.tld:636 -showcerts -state", with the full chain of certificates: the CA certificate, then the server certificate, which is the same one I imported into UCS Central. The DNS name of the OpenLDAP server in the UCS Central configuration is the same as the CN in the OpenLDAP server certificate.

Where is my mistake? How can I debug LDAP SSL to the console or syslog from UCS Central for troubleshooting? My UCS Central version is 1.2(1a).

2 Replies

raven428c
Level 1

Today I deployed a new host with UCS Central and made the same configuration for LDAP authorization on this new host. I didn't touch any other options, only the LDAP configuration. It works with the SSL checkbox and successfully connects to the same OpenLDAP server with the STARTTLS protocol.

So I guess my OpenLDAP server is fine and I have something wrong in my current UCS Central config, but I can't discover the issue. How can I do that?
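Added example, not from the original thread or from Cisco: a stdlib-only Python 3 probe that reproduces the two connection modes discussed in the two posts above (LDAPS on 636, and the StartTLS upgrade on 389 that worked on the new host), verifying the server chain against the trusted-point CA file and the hostname against the certificate CN/SAN, and returning the client-side failure reason that the UCS Central GUI does not show. The host, port and CA file path are assumed arguments; the BER encoder/decoder is hand-rolled and only covers the StartTLS exchange.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def _ber(tag: int, body: bytes) -> bytes:
    """Encode one BER TLV (short-form length only, enough for this request)."""
    return bytes([tag, len(body)]) + body

def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext = _ber(0x77, _ber(0x80, STARTTLS_OID))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + ext)

def _tlv(buf: bytes, pos: int):
    """Decode one TLV at pos -> (tag, value, next_pos); handles short and long lengths."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long form: low 7 bits give the number of length octets
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_starttls_response(data: bytes) -> int:
    """Return the LDAP resultCode of an ExtendedResponse (0 means StartTLS was accepted)."""
    tag, msg, _ = _tlv(data, 0)
    _, _, pos = _tlv(msg, 0)  # skip messageID
    etag, ext, _ = _tlv(msg, pos)
    if tag != 0x30 or etag != 0x78:  # SEQUENCE holding [APPLICATION 24] ExtendedResponse
        raise ValueError("not an LDAP ExtendedResponse")
    _, code, _ = _tlv(ext, 0)  # first element is resultCode ENUMERATED
    return int.from_bytes(code, "big")

def probe_ldap_tls(host: str, port: int, cafile: str, starttls: bool = False) -> dict:
    """LDAPS on 636, or StartTLS on 389 when starttls=True; chain checked against cafile, name against cert."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)  # strict client: verifies chain and hostname
        with socket.create_connection((host, port), timeout=10) as raw:
            if starttls:
                raw.sendall(build_starttls_request())
                code = parse_starttls_response(raw.recv(4096))
                if code != 0:
                    return {"ok": False, "error": f"StartTLS refused, resultCode={code}"}
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(), "subject": tls.getpeercert()["subject"]}
    except ssl.SSLError as exc:  # chain, hostname or cipher problems surface here, not on the server
        return {"ok": False, "error": f"TLS negotiation failure: {exc}"}
    except OSError as exc:
        return {"ok": False, "error": str(exc)}
```

Run it once with port 636 and once with port 389 and starttls=True against the same cafile you uploaded as the trusted point; if only the LDAPS call fails, the difference is in the server's TLS listener rather than in the chain.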

raven428c,

Did you ever figure this out?
