Hi all, I'm trying to set up an Auth Source using AD over SSL but not having any luck getting it to bind. I've followed
Aruba ClearPass Workshop - Getting Started #6 - Secure AD with LDAPS (arubanetworks.com) which was simple enough to do. I have our internal Microsoft Enterprise CA cert in the Trust List on clearpass. I can use LDP.exe to connect to our AD from my machine. We do have multiple "server authentication" certs in the personal cert store of the DC however they are all signed by the same enterprise CA and should be valid for use with LDAPS from what I've read (right?). What other things could I be missing? I do know that our CA uses RSASSA-PSS which isn't supported by our Palo FW. Could the same be true for Clearpass? Appreciate any troubleshooting tips or guidance you guys can provide. Thanks :)
Edited to add: Not sure if this is relevant to clearpass however thought I better mention that the server authentication certificates on the DC have a blank Subject but do have a SAN matching the DC's FQDN as per Third Party Application Fails Using LDAP over SSL | Microsoft Docs.
The failed login attempt results in following error:
Failed to connect and bind to host=dc.domain.local, error=java.security.cert.CertificateException: Certificates do not conform to algorithm constraints
------------------------------
Michelle Shawcross
------------------------------
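The error quoted above is raised by Java's certificate path algorithm checker, and which signature algorithms it refuses is controlled by the `jdk.certpath.disabledAlgorithms` property in the JRE's `java.security` file (and, for RSASSA-PSS, by whether the JRE version understands that algorithm at all). The first thing to establish is therefore which signature algorithm the DC's certificate and its issuing CA actually carry. The script below is an added example, not part of the original post or of any Aruba or Microsoft tooling: it uses only the Python standard library, walks just enough DER to pull the `signatureAlgorithm` OID out of an X.509 certificate, and maps it to a name. `check_ldaps_host` fetches the leaf certificate from a live LDAPS listener (the host name is an argument; `dc.domain.local` from the post is only a placeholder), `describe_file` does the same for a PEM or DER file such as the enterprise CA cert loaded into the ClearPass trust list, and `sample_cert_shell` builds a constructed, certificate-shaped DER blob so the parser can be exercised offline.

```python
"""Report the signatureAlgorithm of an X.509 certificate (stdlib only).

Added example, not from the original post. A minimal DER walker extracts
the outer signatureAlgorithm OID so you can see whether a DC certificate
or its issuing CA is signed with RSASSA-PSS (OID 1.2.840.113549.1.1.10),
which a Java client may reject with "Certificates do not conform to
algorithm constraints".
"""
import ssl
import sys

# Common signatureAlgorithm OIDs (RFC 8017 / RFC 5758 / RFC 4055).
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.10": "RSASSA-PSS",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def _read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, content_bytes, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(content):
    """Turn OID content octets into dotted-decimal text."""
    arcs = [content[0] // 40, content[0] % 40]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID of the outer signatureAlgorithm of a DER certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    signatureAlgorithm ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    """
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(body, 0)          # skip tbsCertificate
    tag, sig_alg, _ = _read_tlv(body, pos)  # signatureAlgorithm
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = _read_tlv(sig_alg, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return _decode_oid(oid)


def describe(cert_der):
    """Return (oid, human name) for the certificate's signature algorithm."""
    oid = signature_algorithm_oid(cert_der)
    return oid, SIG_ALG_NAMES.get(oid, "unknown")


def describe_file(path):
    """Describe a PEM or DER certificate on disk (e.g. the enterprise CA cert)."""
    data = open(path, "rb").read()
    if data.lstrip().startswith(b"-----BEGIN"):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii"))
    return describe(data)


def check_ldaps_host(host, port=636):
    """Live check: fetch the leaf certificate an LDAPS listener presents."""
    pem = ssl.get_server_certificate((host, port))  # no validation, just retrieval
    return describe(ssl.PEM_cert_to_DER_cert(pem))


# --- constructed offline sample: a certificate-shaped DER shell, not a real cert ---
def _der_tlv(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def _der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _der_tlv(0x06, bytes(out))


def sample_cert_shell(sig_oid):
    """Constructed sample: placeholder TBS, real signatureAlgorithm, dummy signature."""
    tbs = _der_tlv(0x30, b"\x02\x01\x02")
    sig_alg = _der_tlv(0x30, _der_oid(sig_oid))
    sig_val = _der_tlv(0x03, b"\x00" + b"\xaa" * 64)
    return _der_tlv(0x30, tbs + sig_alg + sig_val)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target:
        print("%s:636 leaf signed with %s (%s)" % ((target,) + check_ldaps_host(target)))
    else:
        print("sample:", describe(sample_cert_shell("1.2.840.113549.1.1.10")))
```

Run it as `python3 ldaps_sigalg.py dc.domain.local` against the DC, and `describe_file("enterprise-ca.cer")` against the CA certificate in the trust list; if either reports `RSASSA-PSS`, the Java-side constraint is the likely cause and the fix belongs on the CA template or the ClearPass JRE side, not in the Auth Source configuration. The live check only reports the leaf; the issuing CA's own signature algorithm matters just as much to the path checker, which is why the file variant is there.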