Hi, 
I am not sure if this is exact, but I do believe that if you join the machine to the LDAP domain, you will get the certificate.
I am using FreeIPA and my machine is a client of the domain.
Because of this, when I use SSL, the certificate is known.
On my machine, it is here.
/etc/ssl/certs/ipa-ca.pem

D


On Fri, Mar 17, 2017 at 2:33 PM, Vlad Kratsberg <vkratsberg@gmail.com> wrote:
Hello,

We are trying to enable TLS on top of LDAP connections. Once I change starttls to FALSE or required

$config['auth_ldap_starttls'] = TRUE;
$config['auth_ldap_starttls'] = 'required';

I get the following message:

Inline image 1
What does it mean exactly? Version mismatch? Cert error?


When I check the packet capture, I see the following:

Inline image 2

And inside the client response (packet #9), there is this:

Inline image 3

Does it mean that Observium can't find a certificate? If so, in which directory should I place certs? I have another app on the same box that is using LDAP with TLS and it is working just fine.


Also, what TLS versions are supported by Observium?

Has anybody experienced the same issue? Were you able to resolve it?

Appreciate your responses.

Thank you

