https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7089171#M5885 <P>Thanks!</P><P>Those links were helpful. My main misunderstanding was regarding the uploaded certificate in the IMC config.</P><P>I assumed it was supposed to be a client cert issued to the IMC server, NOT the cert created&nbsp; using&nbsp; the LDAP over SSL template and issued to the DC</P><P>Now it works</P><P>EDIT: downside, I'm running active and standby. The standby gets its configuration for this through the nightly backup as there is no option to configure much on the standby server. The regular LDAP config gets synced, but the LDAP over SSL does not get correctly configured. So make sure you have a local admin account configured as no authentication sever will be available.</P> Wed, 27 May 2020 15:49:05 GMT NeilR 2020-05-27T15:49:05Z https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088410#M5878 <P><STRONG>javax.naming.CommunicationException: simple bind failed: SP-P-DC04.brookgreen.spgs.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: No trusted certificate found]</STRONG></P><P>I have RootCA (MS ADCA) in every keystore on the IMC server that I think could be used.</P><P>Certificate is based on:</P><P>Template=LDAPoverSSL(1.3.6.1.4.1.311.21.8.16574533.5077679.4147093.4566469.16611918.39.9795857.15890548)<BR />Major Version Number=100<BR />Minor Version Number=3</P><P>It drives me nuts</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ldaps imc.PNG" style="width: 654px;"><img src="https://community.hpe.com/t5/image/serverpage/image-id/115531iEC5FFD6A8C297DA6/image-size/large?v=v2&amp;px=2000" role="button" title="ldaps imc.PNG" alt="ldaps imc.PNG" /></span></P><P>&nbsp;</P> Fri, 22 May 2020 07:57:18 GMT https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088410#M5878 spgsitsupport 2020-05-22T07:57:18Z https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088742#M5881 <P>Anybody any ideas?</P> Thu, 21 May 2020 18:08:34 GMT https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088742#M5881 spgsitsupport 2020-05-21T18:08:34Z https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088772#M5882 <P>i tried to make it work as well. i had my DC certsrv issue a client cert to the user logging into LDAP/DC and uploaded that to imc. I figured it wanted a client cert that the DC would recognixe and It all looks ok. WIreshark shows it fails.</P><P>So I went back to the docs. They have an example but not for secure LDAp over SSL, so no help there as to how to set up the cert.&nbsp;</P><P>Looks like its broken unless someone else has made it work.</P> Fri, 22 May 2020 00:00:28 GMT https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088772#M5882 NeilR 2020-05-22T00:00:28Z https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088801#M5883 <P>Well, my AD server definitely works with LDAPs (LDAP over SSL) as tested with <A href="https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118761-technote-firesight-00.html" target="_blank" rel="noopener">ldp.exe </A></P><P>Certificate was issued by MS ADCA as per <A href="https://support.microsoft.com/en-gb/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority" target="_blank" rel="noopener">this&nbsp;</A>or even better <A href="https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx" target="_blank" rel="noopener">this</A></P><P>Just to make sure I did follow the bit in above writeup - Exporting the LDAPS Certificate and Importing for use with AD DS</P><P>And once imported to <STRONG>NTDS\Personal</STRONG> IMC was OK to use provided certificate &amp; do LDAPs connection!</P> Fri, 22 May 2020 07:59:11 GMT https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7088801#M5883 spgsitsupport 2020-05-22T07:59:11Z https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7089171#M5885 <P>Thanks!</P><P>Those links were helpful. My main misunderstanding was regarding the uploaded certificate in the IMC config.</P><P>I assumed it was supposed to be a client cert issued to the IMC server, NOT the cert created&nbsp; using&nbsp; the LDAP over SSL template and issued to the DC</P><P>Now it works</P><P>EDIT: downside, I'm running active and standby. The standby gets its configuration for this through the nightly backup as there is no option to configure much on the standby server. The regular LDAP config gets synced, but the LDAP over SSL does not get correctly configured. So make sure you have a local admin account configured as no authentication sever will be available.</P> Wed, 27 May 2020 15:49:05 GMT https://community.hpe.com/t5/imc/solved-ldaps-fails/m-p/7089171#M5885 NeilR 2020-05-27T15:49:05Z