
Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation



--On Friday, September 29, 2017 5:03 PM -0400 Robert Heller <heller@deepsoft.com> wrote:

> At Fri, 29 Sep 2017 10:29:11 -0700 Quanah Gibson-Mount <quanah@symas.com> wrote:
>
> > --On Friday, September 29, 2017 2:17 PM -0400 Robert Heller <heller@deepsoft.com> wrote:
> >
> > >     Signature Algorithm: sha1WithRSAEncryption
> >
> > The above is probably your problem. I believe MozNSS will no longer accept SHA1 certs. This was in the link I sent you yesterday. Generate a more secure cert (i.e., SHA256 or higher).
>
> I replaced the certs with SHA256 versions and it is still not working:

You need logs from SSSD detailing why it is failing to negotiate. As you noted before, ldapsearch/ldapwhoami etc. work for you. If that is still the case now with your new certs, you will need to pursue support with RedHat, as this clearly is not an OpenLDAP issue. Sorry I can't be of any more help than that.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
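The thread turns on whether the cert slapd presents is still SHA-1 signed. As an added example (not code from the thread or from OpenLDAP/SSSD), the following Python reads the outer signatureAlgorithm of a DER-encoded certificate, such as the output of `openssl x509 -outform DER`, and flags MD5/SHA-1 signatures; it walks just enough DER to reach that field. Function names are mine, and the two sample inputs at the bottom are constructed DER skeletons with the Certificate shape, not real certificates.

```python
# Signature algorithm OIDs (RFC 3279 / RFC 4055); anything else is reported as a dotted OID
SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
            "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
            "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
            "1.2.840.113549.1.1.13": "sha512WithRSAEncryption"}
WEAK_SIGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

def _read_tlv(buf, pos):
    """Decode one DER tag/length header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):
    """OID content bytes to dotted form: first byte encodes 40*a+b, then base-128 arcs."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Name (or dotted OID) of the outer signatureAlgorithm of a DER-encoded certificate."""
    tag, start, _ = _read_tlv(der, 0)          # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    if tag != 0x30: raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = _read_tlv(der, start)      # skip tbsCertificate wholesale
    _, alg_start, _ = _read_tlv(der, tbs_end)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    tag, start, end = _read_tlv(der, alg_start)
    if tag != 0x06: raise ValueError("expected an OID")
    oid = _decode_oid(der[start:end])
    return SIG_OIDS.get(oid, oid)
def is_weak_signature(der):
    """True when the certificate is signed with MD5 or SHA-1 (what an NSS-based client rejects)."""
    return signature_algorithm(der) in WEAK_SIGS

# Constructed sample input: DER skeletons with the Certificate shape, not real certificates.
def _tlv(tag, body):
    n = len(body)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + body
def _skeleton(oid_der):
    tbs = _tlv(0x30, b"\x02\x01\x02" + _tlv(0x04, b"\x00" * 200))  # padded to exercise long-form lengths
    return _tlv(0x30, tbs + _tlv(0x30, _tlv(0x06, oid_der) + b"\x05\x00") + _tlv(0x03, b"\x00\xaa"))
SAMPLE_SHA1_DER = _skeleton(bytes.fromhex("2a864886f70d010105"))    # 1.2.840.113549.1.1.5
SAMPLE_SHA256_DER = _skeleton(bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11
```

For a PEM file, strip the BEGIN/END lines and base64-decode the body before calling `signature_algorithm`; `openssl x509 -noout -text` shows the same field as "Signature Algorithm".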