I'm looking for basic instructions to use StartTLS with Crowd directory and an Active Directory server currently using LDAP. I've enabled StartTLS in the admin area and even though I am able to sync and pull users I get a ton of TLS errors in the logs and some users are not getting authenticated. All is good if I don't use TLS. Do I need to install a cert on the Crowd server for it to use StartTLS? We don't want to control users in AD from Crowd, just a one-way pull.
If we run this command from the Crowd Linux Console:
sudo openssl s_client -connect ADserver.com:636
We do get a valid certificate from the AD server.
Here are some documents I've found but I'm not exactly sure what is needed in our case.
https://confluence.atlassian.com/crowd/troubleshooting-ssl-certificates-and-crowd-164495772.html
Just an update, I was able to add our wildcard cert which has allowed LDAPS to work.
If I run java SSLPoke adserver.com 3269 it connects, but if I change it to port 389 for TLS it doesn't work:
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:23)
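Port 389 is plaintext LDAP: a client has to send the LDAP StartTLS extended operation first and only then begin the TLS handshake, so a tool that starts TLS immediately on that port, as the SSLPoke run above does, gets reset. The following check is an added example, not part of the original post or of Crowd; it speaks the protocol in that order and verifies the AD certificate against the OS trust store. The host name is a placeholder, and the sample response bytes are constructed so the parser can be exercised offline.

```python
import socket
import ssl
AD_HOST = "adserver.example"  # placeholder, not from the post: the AD server Crowd syncs from
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def _tlv(tag: int, value: bytes) -> bytes:  # BER tag/length/value, short-form length (all < 128 B)
    return bytes([tag, len(value)]) + value

def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))          # 0x77 = APPLICATION 23, 0x80 = [0]
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext_req)

def _read_tlv(buf: bytes, pos: int):
    """Decode one BER element at pos (short or long-form length); returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_result_code(response: bytes) -> int:
    """resultCode of an ExtendedResponse [APPLICATION 24]; 0 means the server accepted StartTLS."""
    tag, msg, _ = _read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)                           # skip messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x78:
        raise ValueError("expected ExtendedResponse, got tag 0x%02x" % tag)
    tag, code, _ = _read_tlv(op, 0)                         # first field is resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def check_starttls(host: str = AD_HOST, port: int = 389, timeout: float = 5.0) -> str:
    """Plaintext LDAP first, then the TLS upgrade; returns the negotiated TLS version."""
    ctx = ssl.create_default_context()                      # verifies the AD cert via the OS trust store
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(build_starttls_request())
        code = parse_result_code(raw.recv(4096))
        if code != 0:
            raise RuntimeError("server refused StartTLS, resultCode=%d" % code)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

# Constructed sample responses (not captured from a real server) for an offline check.
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")       # resultCode 0 (success)
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")  # resultCode 2 (protocolError)
```

Run check_starttls() against the directory server from the Crowd host; a certificate-verification failure at the wrap_socket step points at the trust store, while a non-zero resultCode means the server itself declined StartTLS on 389.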