On 23.03.22 at 11:46 Johannes Kastl wrote:
ca is a folder with PEM format CA's that should be added to the trust root for this instance. I understood this to be optional? Is this actually required?
Found it: https://www.port389.org/docs/389ds/howto/howto-ssl.html
ca.crt # The issuers CA certificate.
So I created yet another Kubernetes "secret" holding the Let's Encrypt CA certificate and mounted it to /data/tls/ca/ca.crt, and now the server is enabling TLS and I can connect using "ldapsearch -ZZ ...".
Johannes

--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
Managing Director: Ralph Dehner
Registered office: Vohburg / District court: Ingolstadt, HRB 3537
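
The mount described in the message above, as an added example that is not part of the original post: a Secret holding the issuer's CA certificate, projected as a single file at /data/tls/ca/ca.crt. The Secret, Pod, container and volume names and the image value are placeholders assumed for illustration; only the mount path comes from the message.

```yaml
# Added example. All names are hypothetical; /data/tls/ca/ca.crt is the
# path given in the message.
apiVersion: v1
kind: Secret
metadata:
  name: dirsrv-issuer-ca              # hypothetical Secret name
type: Opaque
stringData:
  # File name inside the Secret; mapped to ca.crt in the container below.
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    REPLACE-WITH-PEM-OF-THE-ISSUING-CA
    -----END CERTIFICATE-----
---
apiVersion: v1
kind: Pod
metadata:
  name: dirsrv                        # hypothetical Pod name
spec:
  containers:
    - name: dirsrv
      image: "REPLACE-WITH-389DS-IMAGE"   # placeholder, not from the message
      volumeMounts:
        # subPath places exactly one file at the target path, so other
        # content under /data/tls is not hidden by this mount.
        # A subPath mount is not refreshed when the Secret changes:
        # restart the Pod after rotating the CA certificate.
        - name: issuer-ca
          mountPath: /data/tls/ca/ca.crt
          subPath: ca.crt
          readOnly: true
  volumes:
    - name: issuer-ca
      secret:
        secretName: dirsrv-issuer-ca
        # A CA certificate is public material, so read-only for all
        # users is sufficient here.
        defaultMode: 0444
```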