Contributor II

AD over SSL

Hi!

I'm having trouble with AD over SSL. I've created a certificate for the ClearPass server from the AD CA and uploaded it, and also added the CA to trust.

The ClearPass server is a member of 2 Active Directories.

As soon as I choose "Enable to verify Server Certificate for secure connection", the source fails with the error message: "Can't contact LDAP server"

But I can use it fine running AD SSL over 636 without this option, no problem.

ClearPass and the AD server are in the same subnet.

Any tips for troubleshooting?

Is the connection still running encrypted without this option enabled?

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions

Re: AD over SSL

Do you also have the root from the CA that issued the DC cert in the Clearpass trust list ?

Launching a packet capture on the CPPM node and analysing what is being presented by the DC could be a good thing too.

 

Cheers,

ACMP, ACCP, BCNE

Re: AD over SSL

As said, you need to import and enable the root CA that issued the certificate for your LDAPS. The problem likely lies in here.

 

If you like to see the process in a video, check here.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Contributor II

Re: AD over SSL

Hi!

Thanks for the tips, I've installed the root cert so that wasn't the problem.

I'm embarrassed to say but it turns out that the AD servers were added as sources with IP instead of DNS name.

The log details in Access Tracker showed: ERROR RadiusServer.Radius - rlm_ldap: TLS: unable to get CN from peer certificate

Which clued me in. Pretty obvious in the end :)

Daniel F
ACMP | ACCP | HP ATP - FlexNetwork Solutions
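
Why a source configured by IP fails certificate verification while the same server configured by DNS name passes, as an added example that is not part of the thread and not ClearPass or OpenLDAP code: a simplified RFC 6125-style name check run against a constructed certificate. The certificate contents, the host names and the `verify_target` helper are assumptions for illustration.

```python
import ipaddress

# Constructed sample: identities carried by a hypothetical DC certificate.
SAMPLE_DC_CERT = {
    "subject_cn": "dc01.corp.example",
    "san_dns": ["dc01.corp.example"],
    "san_ip": [],  # this sample has no iPAddress SAN entries
}

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_target(cert, target):
    """Return (ok, reason) for a client that dials `target` and is shown `cert`."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared with iPAddress SAN entries only.
        if any(ipaddress.ip_address(s) == ip for s in cert["san_ip"]):
            return True, "matched iPAddress SAN"
        return False, "IP target but no matching iPAddress SAN"
    # DNS target: use dNSName SANs; fall back to the subject CN only if there are none.
    names = list(cert["san_dns"])
    if not names and cert.get("subject_cn"):
        names = [cert["subject_cn"]]
    for name in names:
        if _dns_match(name, target):
            return True, "matched " + name
    return False, "no certificate name matches " + target

if __name__ == "__main__":
    for t in ("10.0.0.10", "dc01.corp.example", "dc02.corp.example"):
        print(t, verify_target(SAMPLE_DC_CERT, t))
```

The name the client checks is the one typed into the source configuration, so every address listed for the source, backups included, has to appear in the certificate presented by that server.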