Duo Auth Proxy Ldaps for vCenter

Alex H · ‎04-26-2024

Do you have any idea on this?

[ldap_server_auto]
client=ad_client
ikey=nnnn
skey=nnnn
api_host=api-nnnn.duosecurity.com

failmode=secure
factors=push
exempt_ou_1=X

exempt_primary_bind=false

After Enable I checked on port seeing certificate is work now. but I tried with same certificate at vCenter is not working to add Ldaps://server:3289

ssl_port=3289

ssl_cert_path=ldap_server.pem
ssl_key_path=ldap_server.key

DuoKristina · ‎04-26-2024

Does vCenter reject the cert or does the Duo Authentication Proxy reject the SSL connection?

The key file specified in authproxy.cfg can't be encrypted or password-protected (that's a common issue we see when LDAPS fails).

Duo, not DUO.

Alex H · ‎04-28-2024

vCenter has rejected the certificate.

ldap_server.key is only Private Key is it correct?

ldap_server.pem is only Public Key is it correct?

In the authproxy.cfg I didn't encrypt the password.

DuoKristina · ‎05-02-2024

ldap_server.pem is the issued certificate.

If vCenter rejects the cert, does vCenter trust the cert's issuer?

Duo, not DUO.

Alex H · ‎05-02-2024

Not sure it's something wrong with self-signed certificate. but I tried to use third-party certificate is worked fine.
Nevermind I will use the third-party certificate for this.