
Duo Auth Proxy Ldaps for vCenter

Alex H
Level 1

Do you have any idea on this?

[ldap_server_auto]
client=ad_client
ikey=nnnn
skey=nnnn
api_host=api-nnnn.duosecurity.com

failmode=secure
factors=push
exempt_ou_1=X

exempt_primary_bind=false

After enabling it, I checked the port and can see the certificate is working now, but when I tried the same certificate in vCenter, adding Ldaps://server:3289 does not work.

ssl_port=3289

ssl_cert_path=ldap_server.pem
ssl_key_path=ldap_server.key


DuoKristina
Cisco Employee

Does vCenter reject the cert or does the Duo Authentication Proxy reject the SSL connection?

The key file specified in authproxy.cfg can't be encrypted or password-protected (that's a common issue we see when LDAPS fails).

Duo, not DUO.

Alex H
Level 1

vCenter has rejected the certificate.

ldap_server.key is only the private key, is that correct?

ldap_server.pem is only the public key, is that correct?

In the authproxy.cfg I didn't encrypt the password.

 

ldap_server.pem is the issued certificate.

If vCenter rejects the cert, does vCenter trust the cert's issuer?

Duo, not DUO.
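The two file checks raised in the replies above (an unencrypted key file, and a .pem that holds the issued certificate rather than a bare public key), as an added example that is not part of the original thread or Duo's own tooling. The function names and sample blocks are assumptions constructed for illustration.

```python
import re
import sys

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, body) for every PEM block found in text."""
    return PEM_BLOCK.findall(text)

def key_problems(text):
    """Reasons the file given as ssl_key_path would not load as a plain key."""
    keys = [(label, body) for label, body in pem_blocks(text)
            if label.endswith("PRIVATE KEY")]
    if not keys:
        return ["no private key block found"]
    # PKCS#8 encrypted keys have their own label; traditional OpenSSL ones
    # keep the plain label and carry a Proc-Type header inside the block.
    return [f"{label}: passphrase-protected" for label, body in keys
            if label == "ENCRYPTED PRIVATE KEY"
            or "Proc-Type: 4,ENCRYPTED" in body]

def cert_problems(text):
    """Reasons the file given as ssl_cert_path is not an issued certificate."""
    labels = [label for label, _ in pem_blocks(text)]
    if "CERTIFICATE" in labels:
        return []
    if "PUBLIC KEY" in labels:
        return ["bare public key, not an issued certificate"]
    return ["no CERTIFICATE block found"]

# Constructed samples: the bodies are placeholder text, not real key material.
def _pem(label, body="Q09OU1RSVUNURUQ="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_PLAIN_KEY = _pem("PRIVATE KEY")
SAMPLE_PKCS8_ENC = _pem("ENCRYPTED PRIVATE KEY")
SAMPLE_LEGACY_ENC = _pem(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=")
SAMPLE_PUBKEY = _pem("PUBLIC KEY")
SAMPLE_CERT = _pem("CERTIFICATE")

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_pem.py ldap_server.key ldap_server.pem
    with open(sys.argv[1]) as k, open(sys.argv[2]) as c:
        for problem in key_problems(k.read()) + cert_problems(c.read()):
            print(problem)
```

These checks only inspect the PEM framing of the two files; they do not tell you whether vCenter trusts the certificate's issuer.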

Alex H
Level 1

Not sure if something is wrong with the self-signed certificate, but I tried a third-party certificate and it worked fine.
Never mind, I will use the third-party certificate for this.
