--On Friday, September 29, 2017 5:03 PM -0400 Robert Heller <heller(a)deepsoft.com> wrote:

> At Fri, 29 Sep 2017 10:29:11 -0700 Quanah Gibson-Mount <quanah(a)symas.com> wrote:
> >
> > --On Friday, September 29, 2017 2:17 PM -0400 Robert Heller <heller(a)deepsoft.com> wrote:
> >
> > > Signature Algorithm: sha1WithRSAEncryption
> >
> > The above is probably your problem. I believe MozNSS will no longer
> > accept SHA1 certs. This was in the link I sent you yesterday.
> > Generate a more secure cert (i.e., SHA256 or higher).
>
> I replaced the certs with SHA256 versions and it is still not working:

You need logs from SSSD detailing why it is failing to negotiate. As you
noted before, ldapsearch/ldapwhoami etc work for you. If that is still the
case now with your new certs, you will need to pursue support with RedHat,
as this clearly is not an OpenLDAP issue. Sorry I can't be of any more
help than that.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>