Specifying a trusted CA certificate
If the LDAP server's TLS or SSL certificate is issued by a corporate certificate authority (CA) that is not trusted or known to the vRouter, the required CA certificate must be explicitly specified.
To specify this certificate, use the following command:
vyatta@vyatta# set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem
Alternatively, to reduce the number of checks performed on the LDAP server's TLS or SSL certificate, use the following command:
vyatta@vyatta# set resources service-users ldap example.com tls reqcert {never | allow | try | demand}
If no option is explicitly specified, the demand option is set by default.
Option | Description |
---|---|
never | Performs no request and no checks on the server certificate. |
allow | Requests and checks the certificate, if available. Tolerates bad server certificates. |
try | Requests and checks the certificate, if available. Bad server certificates get rejected. |
demand | Requests a valid server certificate (default). |
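
The following added example (not part of the original documentation or the vendor's tooling) audits a configuration for the two settings described above. It flags LDAP entries whose reqcert option accepts bad server certificates and entries that enforce checking without a cacert. It assumes the configuration is available as text in the same "set" form as the commands on this page; the function name and the sample hostnames other than example.com are constructed for illustration.

```python
import re

# Matches the two commands shown on this page, in "set" form.
TLS_LINE = re.compile(
    r"^set resources service-users ldap (\S+) tls (cacert|reqcert) (\S+)$"
)
VALID = {"never", "allow", "try", "demand"}
# Per the table: "never" performs no checks, "allow" tolerates bad certificates.
WEAK = {"never", "allow"}


def audit_ldap_tls(config_text):
    """Return {server: [findings]} for each LDAP entry that has tls settings."""
    servers = {}
    for raw in config_text.splitlines():
        m = TLS_LINE.match(raw.strip())
        if not m:
            continue
        name, key, value = m.groups()
        servers.setdefault(name, {})[key] = value.strip("'\"")

    report = {}
    for name, tls in servers.items():
        # The page states that demand applies when no option is specified.
        reqcert = tls.get("reqcert", "demand")
        findings = []
        if reqcert not in VALID:
            findings.append(f"unknown reqcert value: {reqcert}")
        elif reqcert in WEAK:
            findings.append(f"reqcert {reqcert}: bad server certificates are accepted")
        elif "cacert" not in tls:
            findings.append("no tls cacert: server CA must already be trusted by the vRouter")
        report[name] = findings
    return report


# Constructed sample input, not taken from a real device.
SAMPLE = """\
set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem
set resources service-users ldap example.com tls reqcert demand
set resources service-users ldap lab.example.net tls reqcert never
set resources service-users ldap dir.example.org tls reqcert try
"""

if __name__ == "__main__":
    for server, findings in audit_ldap_tls(SAMPLE).items():
        print(server, findings or "OK")
```

Entries with no tls lines at all are not listed by this check; they fall under the demand default described above.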