- When trying to execute ldapsearch, we get the following error:
[root@server ~]# ldapsearch -x -H ldaps://host.example.com -b "dc=example,dc=org" -d 1
ldap_url_parse_ext(ldaps://host.example.com)
ldap_create
ldap_url_parse_ext(ldaps://host.example.com:636/??base)
....
ldap_connect_to_host: TCP host.example.com:636
ldap_connect_to_host: Trying 10.80.1.201:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: loaded CA certificate file /etc/pki/tls/certs/slapd.crt.
TLS: certificate [CN=host.example.com,OU=FOO,O=Internal CA,L=test,ST=GE,C=US] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
- SSSD fails to connect to the LDAP server with the following error:
sssd[be[default]]: Could not start TLS encryption. TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
- Red Hat Enterprise Linux 6