09-15-2017 06:50 AM
oneview openldap
Hello,
I'm trying to configure openldap on oneview but when I insert the server certificate the system says that:
The certificate entered for server 192.168.252.155:389 does not appear to be a valid certificate.
I'm very confident that the certificate is valid... How to debug this error to find out why I'm receiving this message?
All my settings:
Model HPE OneView VM - VMware vSphere
Firmware Version 3.10.04-0299553
Date Jun 9, 2017
My openldap port is 389 and it uses TLS (Is oneview using TLS too?)
Thanks
09-16-2017 06:38 PM
Re: HPE Oneview openldap
Have you tried checking your cert on a cert checking website?
A message saying "not valid" isn't particularly helpful, more details would help.
09-18-2017 05:03 AM
Re: HPE Oneview openldap
Hello Dennis
The certificate is self-signed
The certificate is OK because other services connect normally to ldap using TLS.
My ldap-server works on port 389 using TLS, I don't know if Oneview supports TLS.
The only thing that oneview shows is:
The certificate entered for server 192.168.252.155:389 does not appear to be a valid certificate.
For assistance, contact your administrator.
My ldap certificate is below if you wanna test, and it looks ok:
> openssl x509 -in /tmp/ldap-consumer.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1376575537 (0x520ce031)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=UFFS
        Validity
            Not Before: Aug 15 14:05:37 2013 GMT
            Not After : Aug 10 14:05:37 2033 GMT
        Subject: O=UFFS, CN=srv-ldap-consumer-01.uffs.edu.br
....
Thanks..
09-18-2017 11:38 AM
Re: HPE Oneview openldap
Yes, OneView does support TLS in many places. I see your cert does have the "Server Authentication" extension set. I will look into this and report back.
I am an HPE employee
09-24-2017 08:27 PM
Re: HPE Oneview openldap
>The certificate is self-signed
It's not self-signed. I.e. the Issuer and Subject don't match:
Issuer: CN=UFFS
Subject: O=UFFS, CN=srv-ldap-consumer-01.uffs.edu.br
You didn't post your CA so I can't verify it.
As Chris says you have these extensions:
X509v3 extensions:
    X509v3 Basic Constraints: critical
        CA:FALSE
    X509v3 Extended Key Usage:
        TLS Web Server Authentication
    X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
    X509v3 Subject Key Identifier:
        0D:45:50:D0:C5:2D:99:9C:66:30:D0:3B:07:CE:60:4B:C0:82:EA:F4
    X509v3 Authority Key Identifier:
        keyid:87:2C:2A:27:D8:8B:0A:1F:41:BC:3D:D3:1C:08:66:82:86:99:09:57
09-29-2017 10:35 AM
Re: HPE Oneview openldap
Hello
The first certificate that I have posted is not actually our main ldap server. But I have tested with our ldap main server and it gives the same error.
This is the certificate of our main ldap server
This certificate is used by various systems and they connect successfully to our ldap server using tls on the port 389
But it is not working with oneview:
The certificate entered for server 192.168.252.154:389 does not appear to be a valid certificate.
This certificate is valid:
# openssl verify cacert.pem
cacert.pem: CN = UFFS
error 18 at 0 depth lookup:self signed certificate
OK
How to find out more information why oneview is not accepting this certificate?
Thanks
09-29-2017 01:18 PM
Re: HPE Oneview openldap
Sent from my Windows 10 phone
I am an HPE employee
10-02-2017 04:42 AM
Re: HPE Oneview openldap
Our server is LDAPv3 and uses StartTLS on port 389.
More information: http://www.openldap.org/faq/data/cache/605.html
10-02-2017 07:59 AM
Re: HPE Oneview openldap
It requires use of separate port, commonly 636.
So, trying to understand why you are using the unsecure port (389/tcp) for secure traffic.
Sent from my Windows 10 phone
I am an HPE employee
10-03-2017 04:44 AM - edited 10-03-2017 04:49 AM
Re: HPE Oneview openldap
Using TLS the communication is encrypted so it is secure.
But the server allows communication without TLS (that is insecure) because some information is not sensitive like consulting the user catalog by an e-mail client or who is calling by our telephone system.
Systems that consult sensitive information like authentication we configure them to use TLS...
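
Added example, not part of the original thread or of HPE's code: the posts above turn on the difference between StartTLS on port 389 and TLS-from-connect on port 636. This Python sketch builds the StartTLS extended request (RFC 4511), reads the server's result code, and then validates the server certificate against a CA file so the verifier's own error text becomes visible; the function names and the `cafile` parameter are assumptions of this example.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS, RFC 4511 section 4.14

def tlv(tag, value):
    """Encode one BER element (short-form length, enough for these messages)."""
    if len(value) > 127:
        raise ValueError("long-form BER length not needed in this example")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage{messageID, extendedReq [APPLICATION 23]{requestName [0]}}."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode one short-form BER element; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos + 2:end], end

def starttls_result(reply):
    """Return resultCode from an ExtendedResponse; 0 means 'start TLS now'."""
    tag, msg, _ = read_tlv(reply)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)                 # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                           # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, code, _ = read_tlv(op)                 # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def verify_ldap_starttls(host, cafile, port=389, timeout=5):
    """Upgrade a plain LDAP connection, then validate the server certificate.
    Raises ssl.SSLCertVerificationError naming the check that failed."""
    ctx = ssl.create_default_context(cafile=cafile)  # CA that issued the server cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())      # sent in clear text, before any TLS
        code = starttls_result(sock.recv(4096))
        if code != 0:
            raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        # server_hostname is matched against the names in the certificate
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["subject"]
```

A client that expects TLS from the first byte (the port 636 style) never sends this request, so it cannot complete a handshake with a server that only offers StartTLS on 389.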