LDAPS authentication for Admin Accounts - Unknown CA error

I'm using MWG (26805).

I'm attempting to use my organization's Red Hat IPA server to handle user credentials for the admin accounts of the MWG.

I have successfully made this work for regular LDAP queries, but the MWG sends passwords in cleartext when operating in this mode. I would like to use LDAPS instead.

My organization has its own root CA, and the IPA server sends four certificates when making a secure connection. Running openssl s_client -showcerts -connect [ipa server]:636 shows four certificates, each pointing to the next one up the chain all the way to the self-signed root certificate.

I extracted these four certificates to four .crt files, each containing the base64-encoded certificate block. I went to the Policy -> Lists section of the MWG GUI, and added an entry under Custom Lists -> Certificate Authority. I then added the four certificates using the green + button and selecting import. Each certificate appears to have been imported correctly; the CN/O/OU, valid dates and fingerprints look correct. Each has 'true' in the trusted column.

I then saved the settings, went to the Accounts tab, and updated the LDAP Specific Parameters to use LDAPS and 636, and selected my newly created CA from the drop-down list. When I attempt to test authentication, I get an authentication failed, and a tcpdump shows that the MWG sent a 'TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unknown CA)' message.

I've been working on this for a few days, trying different settings for the CA and LDAPS sections, but can't get past this issue.
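Before spending more time on the MWG import itself, it helps to confirm outside the appliance that the four certificates really form a chain that verifies up to the self-signed root, and to have a fingerprint per file to compare with what the GUI displays. The script below is an added example, not code from the original post and not McAfee or MWG code. It builds a throwaway root -> issuing CA -> server chain with openssl so it runs offline, splits the concatenated chain the way saved `openssl s_client -showcerts` output is split, prints subject/issuer for each piece, and runs `openssl verify`. It goes a little beyond the post by also showing what verification looks like against an unrelated root and against the intermediate alone. All names, paths and organisations in it are made up.

```shell
#!/bin/sh
# Added example; not code from the original post, McAfee or MWG. Builds a
# throwaway root -> issuing CA -> server chain, splits the concatenated chain
# the way saved `openssl s_client -showcerts` output is split, and checks the
# pieces with `openssl verify`. Every name, path and organisation is made up.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Throwaway 2048-bit RSA key plus CSR for one subject.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" -subj "$2" >/dev/null 2>&1
}

# Sign a CSR with a CA, or self-sign when the CA name is empty. Extensions
# come only from the ext file, so nothing is inherited from openssl.cnf.
sign_csr() {
    name="$1"; ca="$2"; exts="$3"
    printf '%s\n' "$exts" > "$WORK/$name.ext"
    if [ -z "$ca" ]; then
        openssl x509 -req -in "$WORK/$name.csr" -signkey "$WORK/$name.key" \
            -days 30 -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" >/dev/null 2>&1
    else
        openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$ca.crt" \
            -CAkey "$WORK/$ca.key" -CAcreateserial -days 30 \
            -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" >/dev/null 2>&1
    fi
}

CA_EXTS='basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign'

build_chain() {
    new_csr root "/O=Example Org/CN=Example Root CA"
    sign_csr root "" "$CA_EXTS"
    new_csr issuing "/O=Example Org/CN=Example Issuing CA"
    sign_csr issuing root "$CA_EXTS"
    new_csr server "/O=Example Org/CN=ipa.example.internal"
    sign_csr server issuing 'basicConstraints=CA:FALSE
subjectAltName=DNS:ipa.example.internal
extendedKeyUsage=serverAuth'
    # An unrelated root, to show verification against the wrong anchor.
    new_csr other-root "/O=Other Org/CN=Other Root CA"
    sign_csr other-root "" "$CA_EXTS"
    # The order a server normally sends: leaf first, then up towards the root.
    cat "$WORK/server.crt" "$WORK/issuing.crt" "$WORK/root.crt" > "$WORK/chain.pem"
}

# Split concatenated PEM certificates (or saved s_client output, whose s:/i:
# and handshake lines are skipped) into cert-01.crt, cert-02.crt, ... in the
# order they appear, and print how many files were written.
split_chain() {
    in="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; inblock = 1 }
        inblock                       { print > (dir "/cert-" sprintf("%02d", n) ".crt") }
        /-----END CERTIFICATE-----/   { inblock = 0 }
    ' "$in"
    ls "$outdir" | grep -c '^cert-[0-9][0-9]*\.crt$'
}

# Subject and issuer of each split certificate: each issuer should equal the
# next file's subject, and the last file should have subject == issuer.
show_links() {
    for f in "$1"/cert-*.crt; do
        printf '%s\n' "$f"
        openssl x509 -in "$f" -noout -subject -issuer | sed 's/^/    /'
    done
}

# SHA-256 fingerprint, the value to compare against what a GUI shows after import.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Verify a server certificate against a trust anchor. Intermediates go in as
# -untrusted: usable for path building, not trusted on their own. Without
# -partial_chain OpenSSL insists the path ends at a self-signed root.
verify_leaf() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

build_chain
echo "chain.pem contained $(split_chain "$WORK/chain.pem" "$WORK/split") certificates"
show_links "$WORK/split"
for anchor in root other-root issuing; do
    if verify_leaf "$WORK/$anchor.crt" "$WORK/issuing.crt" "$WORK/server.crt"; then
        echo "anchor $anchor.crt: server certificate verifies"
    else
        echo "anchor $anchor.crt: verification fails; a client trusting only this anchor rejects the handshake"
    fi
done
```

To run the same checks against a real server, save the handshake output with `openssl s_client -showcerts -connect host:636 </dev/null > showcerts.txt`, feed that file to `split_chain`, and verify the first split file against the last one with the middle ones as `-untrusted`. If `openssl verify` already fails on the workstation, the problem is in the chain itself (a missing or wrong intermediate, or a file that is not the root it was assumed to be) rather than in the appliance import.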
