04-25-2017 12:31 PM
Hello, I have been struggling with getting [ldap_server_auto] to work with SSL port 636.
It is unclear to me what cert(s) is (are) needed for ssl_cert_path and the private key ssl_key_path.
We have an Offline Root CA and two Sub Issuing CAs. I have these 3 certs in a single PEM file, and it is used for the [ad_client] section ssl_ca_certs_file=conf\SSL_Certs.pem. In the [ad_client] section I have transport=ldaps and port=363, and it works fine.
But I am confused about what cert needs to go in the [ldap_server_auto] section. Can someone please help me with this? The Authentication Proxy Reference guide doesn’t have any specifics in it regarding this, and I have searched the forums and Google on what is required. No luck!
Here are the steps that I took:
ssl_port=636
ssl_key_path=duo.key
ssl_cert_path=duo.pem
“Connection test failed. Response from the server:
duoldaps.domain.name:636; nested exception is javax.naming.CommunicationException: duoldaps.domain.name:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]”
Please help. Are there any step by step explicit guides on this and what is needed?
Thank you!
05-04-2017 08:39 AM
Hi Cosmic_Ancestry.
The Confluence error seems to indicate that it can’t verify the issuer of the certificate you’re using to secure incoming LDAPS on the Authentication Proxy.
Try adding your issuing CA certs (the three that you have in the outbound connection [ad_client] config PEM) to the PEM you’re using with [ldap_server_auto]. Also ensure that the private key doesn’t require a password.
If this doesn’t work I suggest you contact our excellent Support team so one of them can work with you directly.
Thanks for trying Duo!
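Added example (not part of the original posts and not Duo's own tooling): a structural pre-check of the files named by ssl_cert_path and ssl_key_path, following the reply's advice to include the issuing CA certs and use a key without a password. The function names, the default of three CA certificates (taken from the question) and the sample PEM bodies are assumptions constructed for illustration; the check counts PEM blocks only and does not validate signatures or chain order.

```python
import re

# Matches any PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, body)] for every PEM block found in text."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def key_is_encrypted(key_text):
    """True if any private key block is passphrase-protected."""
    for label, body in pem_blocks(key_text):
        if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8 encrypted key
            return True
        if label.endswith("PRIVATE KEY") and "Proc-Type: 4,ENCRYPTED" in body:
            return True                               # legacy OpenSSL format
    return False

def check_listener_files(cert_text, key_text, ca_count=3):
    """Return a list of problems; an empty list means the structure looks right."""
    problems = []
    certs = [body for label, body in pem_blocks(cert_text) if label == "CERTIFICATE"]
    if not certs:
        problems.append("cert file has no CERTIFICATE block")
    elif len(certs) < 1 + ca_count:
        problems.append(
            f"cert file has {len(certs)} certificate(s); "
            f"expected the server cert plus {ca_count} CA certs")
    if not any(label.endswith("PRIVATE KEY") for label, _ in pem_blocks(key_text)):
        problems.append("key file has no private key block")
    elif key_is_encrypted(key_text):
        problems.append("private key is passphrase-protected")
    return problems

def make_pem(label, body):
    """Build a PEM block around a placeholder body (constructed sample data)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: the bodies are placeholders, not real certificates or keys.
LEAF_ONLY = make_pem("CERTIFICATE", "c2VydmVy")
FULL_CHAIN = LEAF_ONLY + "".join(
    make_pem("CERTIFICATE", b) for b in ("aXNzdWluZzE=", "aXNzdWluZzI=", "cm9vdA=="))
PLAIN_KEY = make_pem("PRIVATE KEY", "a2V5")
LEGACY_ENC_KEY = make_pem(
    "RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\na2V5")

if __name__ == "__main__":
    print(check_listener_files(LEAF_ONLY, LEGACY_ENC_KEY))   # two problems
    print(check_listener_files(FULL_CHAIN, PLAIN_KEY))       # no problems
```

To check real files, pass the text read from the two paths in place of the constructed samples.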