Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation
29 Sep
2017
29 Sep
'17
11:18 a.m.
--On Friday, September 29, 2017 11:29 AM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
--On Friday, September 29, 2017 2:17 PM -0400 Robert Heller heller@deepsoft.com wrote:
Signature Algorithm: sha1WithRSAEncryptionThe above is probably your problem. I believe MozNSS will no longer accept SHA1 certs. This was in the link I sent you yesterday. Generate a more secure cert (I.e., SHA256 or higher).
See also: https://access.redhat.com/blogs/766093/posts/3050871
where SHA1 is explicitly noted as being phased out.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
2603
Age (days ago)
2603
Last active (days ago)
openldap-technical@openldap.org
0 comments
1 participants
participants (1)
-
Quanah Gibson-Mount