SSL connection to active directory in keystone works not with crt file or tls_cacertdir option

Solution In Progress - Updated -

Issue

  • if we set below parameter, SSL connection to active directory in keystone did not work.

    tls_cacertdir /etc/pki/ca-trust/source/anchors/

  • Even if we save certificate in the working direcory. Error in keystone log:

    /var/log/keystone/keystone.log:2017-10-25 14:40:05.707 566685 ERROR keystone.common.wsgi BackendError: {'info': "TLS error -8179:Peer's Certificate issuer is not recognized.", 'desc': "Can't contact LDAP server"}

Environment

  • Red Hat OpenStack Platform Version 10.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content