Also what format do the certificates have to be in on the MWG?
The certs must be base64 PEM encoded. See the section in the Kerberos guide:
Web Gateway: Understanding and Configuring Kerberos (extended guide) regarding LDAPS hints to get the certs.
You also need to make sure that the name you specify for the LDAPS server matches that which is on the certificate.
So if you put an IP, you'll probably need to change it. I would also advise making sure everything works with LDAP first, then change to LDAPS to make sure it is truly an LDAPS issue.
Was running into a similar problem with getting LDAP/S to work. I was able to resolve the issue by dropping the certificate(s) directly into the /etc/ssl/certs directory on the Web Gateway.
I did an openssl -showcerts connection from the web gateway to my LDAP server and copied and pasted the certificates from the response into .pem files in that directory. After that, LDAP/S worked perfectly.
Don't forget to set the permissions on the new pem files.
hope that helps,
That may work, but I have no guarantee for how long. That directory could be wiped out or updated with an upgrade.
The supported method would be to import it into the MWG UI to ensure this doesn't happen.
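An added example, not from any poster in this thread or from the vendor: a Python check that pulls each certificate out of saved `openssl s_client -showcerts` output and confirms it is intact base64 PEM before it is imported. The function names and the sample text (hostname `ldap.example.test`, filler bytes in place of real certificates) are constructed for illustration; it checks structure only, not trust or name matching.

```python
import base64
import re

# One PEM certificate block, tolerant of CRLF line endings from copy and paste.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----", re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if der is a single DER SEQUENCE whose length field covers the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def extract_pem_certs(text: str) -> list[str]:
    """Return each distinct, well-formed certificate as a PEM block with 64-char lines."""
    certs, seen = [], set()
    for i, m in enumerate(PEM_RE.finditer(text)):
        body = "".join(m.group(1).split())  # drop line breaks and stray spaces
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            raise ValueError(f"certificate {i}: body is not valid base64")
        if not der_length_ok(der):
            raise ValueError(f"certificate {i}: truncated or not a DER certificate")
        if der in seen:                     # same certificate printed again: keep first copy
            continue
        seen.add(der)
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[j:j + 64] for j in range(0, len(b64), 64)]
        certs.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                     + "\n-----END CERTIFICATE-----\n")
    return certs

def fake_pem(payload: bytes) -> str:
    # Constructed stand-in: a DER SEQUENCE header around filler, not a real certificate.
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed sample shaped like s_client -showcerts output (leaf appears twice).
SAMPLE = ("CONNECTED(00000003)\n---\nCertificate chain\n 0 s:CN=ldap.example.test\n"
          + fake_pem(b"A" * 300) + " 1 s:CN=Example Test CA\n" + fake_pem(b"B" * 200)
          + "---\nServer certificate\n" + fake_pem(b"A" * 300))

if __name__ == "__main__":
    for pem in extract_pem_certs(SAMPLE):
        print(pem)
```

A block that fails here was cut short or altered during copy and paste, or is not base64 PEM at all.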