allow connection via ldaps with expired SSL
-
@jimp Is there any way I can allow a connection via LDAPS with an expired SSL certificate?
I have renewed my expired certificate on the LDAP server, and so far I can see that the connection works from the dashboard, and Diagnostics -> Authentication test works as well.
But OpenVPN still does not:
pfSense openvpn[]: openvpn.auth-user.php: ERROR! Could not bind to LDAP server LDAP. Please check the bind credentials.
And ldapsearch from the CLI gives the error below. It would be cool to be able to add "tls_reqcert allow" somewhere for the LDAP clients. Probably /etc/inc/auth.inc is the right place, but I am actually not sure about this.
[2.6.0-RELEASE][root@pfSense.test.server]/root: ldapsearch -H ldaps://ldap.server.test -x -b 'dc=cli,dc=ai' -d 1
ldap_url_parse_ext(ldaps://ldap.server.test)
ldap_create
ldap_url_parse_ext(ldaps://ldap.server.test:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.server.test:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.111:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before SSL initialization
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS write client hello
TLS trace: SSL_connect:SSLv3/TLS read server hello
TLS trace: SSL_connect:TLSv1.3 read encrypted extensions
TLS certificate verification: depth: 3, err: 10, subject: /O=Digital Signature Trust Co./CN=DST Root CA X3, issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
TLS certificate verification: Error, certificate has expired
TLS trace: SSL3 alert write:fatal:certificate expired
TLS trace: SSL_connect:error in error
TLS: can't connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Any help would be appreciated.
Regards,
Oleksandr
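Added example, not part of the post above or of pfSense: the `ldapsearch -d 1` trace prints one "TLS certificate verification: depth: N, err: N" line per certificate OpenSSL checks, and the depth tells you which link of the chain failed (0 is the server's own certificate, the highest depth is the trust anchor). The script below parses that trace and names the failing certificate and OpenSSL's meaning for the error code. The sample input is constructed from the verification lines in the post, and the error-code table is a subset of OpenSSL's X509_V_ERR_* values.

```python
import re
from typing import Dict, List

# Subset of OpenSSL's X509_V_ERR_* codes, which ldapsearch -d 1 prints as
# "err: N" for each certificate it checks (values from OpenSSL's x509_vfy.h).
VERIFY_ERRORS = {
    0: "ok",
    9: "certificate is not yet valid",
    10: "certificate has expired",
    18: "self-signed certificate",
    19: "self-signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

# Constructed sample: the verification lines from the post, one event per line.
SAMPLE_OUTPUT = """\
TLS trace: SSL_connect:TLSv1.3 read encrypted extensions
TLS certificate verification: depth: 3, err: 10, subject: /O=Digital Signature Trust Co./CN=DST Root CA X3, issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
TLS certificate verification: Error, certificate has expired
TLS trace: SSL3 alert write:fatal:certificate expired
"""

VERIFY_LINE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>.*?), issuer: (?P<issuer>.*)$"
)


def parse_verification(debug_output: str) -> List[Dict]:
    """Return one record per 'TLS certificate verification: depth: ...' line."""
    events = []
    for line in debug_output.splitlines():
        m = VERIFY_LINE.search(line.strip())
        if m:
            events.append({
                "depth": int(m.group("depth")),
                "err": int(m.group("err")),
                "subject": m.group("subject").strip(),
                "issuer": m.group("issuer").strip(),
            })
    return events


def diagnose(events: List[Dict]) -> Dict:
    """Explain which certificate in the chain libldap/OpenSSL rejected and why."""
    if not events:
        return {"ok": None, "summary": "no TLS verification events found"}
    failures = [e for e in events if e["err"] != 0]
    if not failures:
        return {"ok": True, "summary": "chain verified"}
    # OpenSSL verifies from the anchor downwards, so the deepest failure is the
    # one that actually stopped the handshake.
    worst = max(failures, key=lambda e: e["depth"])
    self_signed = worst["subject"] == worst["issuer"]
    reason = VERIFY_ERRORS.get(worst["err"], f"unknown verify error {worst['err']}")
    if worst["depth"] == 0:
        where = "the server's own (leaf) certificate"
    elif self_signed:
        where = ("the trust anchor (a root from the client CA bundle "
                 "or the last certificate the server sends)")
    else:
        where = "an intermediate CA certificate"
    return {
        "ok": False,
        "depth": worst["depth"],
        "reason": reason,
        "self_signed": self_signed,
        "where": where,
        "summary": f"depth {worst['depth']}, {where}: {reason}; subject={worst['subject']}",
    }


if __name__ == "__main__":
    print(diagnose(parse_verification(SAMPLE_OUTPUT))["summary"])
```

Run against the trace in the post, it reports that the expired certificate is at depth 3 and is self-signed: the renewed server certificate is fine, and what OpenSSL rejected is the DST Root CA X3 anchor that the chain still reaches, either because the server sends a chain ending in that root or because the client's CA bundle and OpenSSL version still select it. OpenLDAP's `TLS_REQCERT allow` (in ldap.conf, or `LDAPTLS_REQCERT=allow` in the environment for ldapsearch) makes libldap ignore any bad certificate and proceed, which turns the LDAPS connection into an unauthenticated one; it is a useful diagnostic switch but not a fix. Fixing the chain the server presents (check it with `openssl s_client -connect host:636 -showcerts`) or updating the client's CA bundle keeps verification on.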