When I try to connect radius to ldap using a self-signed certificate, I get the following message:
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://freeipa.datiobd.com:389
TLSMC: MozNSS compatibility interception begins.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain).
This is my ldap module configuration:
ldap {
    server = 'ldap://ldap.server' # ldap server
    port = '389' # ldap port
    identity = 'user'
    .....
    tls {
        start_tls = yes
        require_cert = "demand"
    }
}
How can I tell freeradius to trust the self-signed certificate?
Thanks!
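
One way to make the ldap module trust the CA that signed the LDAP server's certificate while keeping verification on, as an added example that is not part of the original post. The CA file path is an assumption (FreeIPA normally places its CA certificate at /etc/ipa/ca.crt on enrolled hosts); the other values are copied from the configuration above.

```conf
ldap {
    server = 'ldap://ldap.server'
    port = '389'
    identity = 'user'
    # ... remaining options unchanged ...

    tls {
        start_tls = yes

        # PEM file holding the CA certificate that issued the LDAP
        # server's certificate. Assumed path: point it at wherever the
        # CA certificate is stored on the RADIUS host.
        ca_file = /etc/ipa/ca.crt

        # Keep verification strict. Lowering this to "never" or "allow"
        # would silence the error but the server would no longer be
        # authenticated before the bind credentials are sent.
        require_cert = "demand"
    }
}
```

The CA file must be readable by the account FreeRADIUS runs as, and the server name in the configuration has to match a name in the server certificate for verification to pass.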