Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

29 Sep 2017


      --On Friday, September 29, 2017 11:29 AM -0700 Quanah Gibson-Mount 
quanah@symas.com wrote:
...
--On Friday, September 29, 2017 2:17 PM -0400 Robert Heller
heller@deepsoft.com wrote:
...
Signature Algorithm: sha1WithRSAEncryption

The above is probably your problem.  I believe MozNSS will no longer
accept SHA1 certs.  This was in the link I sent you yesterday.  Generate
a more secure cert (I.e., SHA256 or higher).
See also: https://access.redhat.com/blogs/766093/posts/3050871
where SHA1 is explicitly noted as being phased out.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation