Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Specifying a trusted CA certificate

If the LDAP server presents a TLS or SSL certificate issued by a corporate certificate authority (CA) that the vRouter does not know or trust, that CA's certificate must be explicitly specified.

To specify this certificate, use the following command:

vyatta@vyatta# set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem

Alternatively, to relax the checks performed on the LDAP server's TLS or SSL certificate, use the following command:

vyatta@vyatta# set resources service-users ldap example.com tls reqcert {never | allow | try | demand}

If no option is explicitly specified, the demand option is set by default.

Table 1. Variable definitions

| Option | Description |
|--------|-------------|
| never  | Performs no request and no checks on the server certificate. |
| allow  | Requests and checks the certificate, if available. Tolerates bad server certificates. |
| try    | Requests and checks the certificate, if available. Bad server certificates get rejected. |
| demand | Requests a valid server certificate (default). |
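
Before committing tls cacert, it helps to confirm that the PEM file really is the CA that issued the LDAP server's certificate, so the default demand setting can stay in place rather than being relaxed. The following is an added example, not part of the Vyatta documentation: it uses the standard openssl CLI on an administrator workstation, and the function names, certificate subjects and temporary files are constructed for the demonstration.

```shell
# check_ldap_ca CAFILE SERVERCERT  (added example; all names are constructed)
# Returns 0 if SERVERCERT chains to CAFILE, 1 if not, 2 if CAFILE is unusable.
# Assumes CAFILE holds a single PEM certificate.
check_ldap_ca() {
  # The CA file must parse and must not be expired.
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 2
  # It must carry basicConstraints CA:TRUE.
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || return 2
  # Verify against this file only, not the system trust directory.
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
}

# Build a throwaway PKI: two unrelated CAs and one LDAP server certificate.
make_constructed_pki() {  # $1 = empty directory to fill
  cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  for ca in corp other; do
    openssl req -x509 -config "$1/ssl.cnf" -extensions v3_ca -newkey rsa:2048 \
      -nodes -keyout "$1/$ca.key" -out "$1/$ca-ca.pem" -days 30 \
      -subj "/CN=Constructed $ca CA" 2>/dev/null || return 1
  done
  openssl req -new -config "$1/ssl.cnf" -newkey rsa:2048 -nodes \
    -keyout "$1/ldap.key" -out "$1/ldap.csr" -subj "/CN=example.com" 2>/dev/null &&
  openssl x509 -req -in "$1/ldap.csr" -CA "$1/corp-ca.pem" -CAkey "$1/corp.key" \
    -CAcreateserial -out "$1/ldap.pem" -days 30 2>/dev/null
}

report() {  # $1 = label, $2 = candidate CA file, $3 = server certificate
  check_ldap_ca "$2" "$3" && rc=0 || rc=$?
  echo "$1: rc=$rc"
}
demo=$(mktemp -d) && make_constructed_pki "$demo" || exit 1
report "issuing CA"   "$demo/corp-ca.pem"  "$demo/ldap.pem"
report "unrelated CA" "$demo/other-ca.pem" "$demo/ldap.pem"
report "leaf as CA"   "$demo/ldap.pem"     "$demo/ldap.pem"
rm -rf "$demo"
```

Only a file that returns 0 against the server's actual certificate should be copied to /config/auth/ldap-ca.pem and referenced by tls cacert.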