Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Specifying a trusted CA certificate

If the TLS or SSL certificate of the LDAP server is issued by a corporate certificate authority (CA) that the vRouter does not know or trust, the CA certificate must be specified explicitly.

To specify this certificate, use the following command:

vyatta@vyatta# set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem

Alternatively, to reduce the number of checks on the TLS or SSL LDAP server certificate, use the following command:

vyatta@vyatta# set resources service-users ldap example.com tls reqcert {never | allow | try | demand}

If no option is explicitly specified, the demand option is set by default.

Table 1. Variable definitions

| Option | Description |
|--------|-------------|
| never | Performs no request and no checks on the server certificate. |
| allow | Requests and checks the certificate, if available. Tolerates bad server certificates. |
| try | Requests and checks the certificate, if available. Bad server certificates get rejected. |
| demand | Requests a valid server certificate (default). |
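
The settings above can be audited across a saved configuration. The following Python script is an added example, not part of the Vyatta documentation or software: it assumes the configuration is available as `set ...` command lines in the form shown on this page, and the function names, status labels and sample lines are constructed for illustration.

```python
import shlex

# Status per reqcert level, following the option table on this page.
ENFORCEMENT = {
    "never": "unverified",  # no request and no checks
    "allow": "unverified",  # bad server certificates are tolerated
    "try": "partial",       # checked only "if available"; bad ones rejected
    "demand": "enforced",   # a valid server certificate is required
}
PREFIX = ["set", "resources", "service-users", "ldap"]

# Constructed sample input (server names other than example.com are made up).
SAMPLE = """\
set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem
set resources service-users ldap lab.example.net tls reqcert 'allow'
vyatta@vyatta# set resources service-users ldap old.example.org tls reqcert never
set resources service-users ldap old.example.org tls cacert /config/auth/ldap-ca.pem
set system host-name vrouter1
"""

def audit_ldap_tls(config_text):
    """Map each LDAP server to its effective reqcert, cacert and status."""
    servers = {}
    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0].endswith("#"):  # drop a pasted CLI prompt
            tokens = tokens[1:]
        if tokens[:4] != PREFIX or len(tokens) < 5:
            continue
        # demand applies when reqcert is not set explicitly
        entry = servers.setdefault(tokens[4], {"reqcert": "demand", "cacert": None})
        rest = tokens[5:]
        if len(rest) == 3 and rest[0] == "tls" and rest[1] in entry:
            if rest[1] == "reqcert" and rest[2] not in ENFORCEMENT:
                raise ValueError(f"unknown reqcert value: {rest[2]!r}")
            entry[rest[1]] = rest[2]
    for entry in servers.values():
        entry["status"] = ENFORCEMENT[entry["reqcert"]]
    return servers

def weak_servers(report):
    """Names of servers whose certificate validation is not fully enforced."""
    return sorted(name for name, e in report.items() if e["status"] != "enforced")

if __name__ == "__main__":
    report = audit_ldap_tls(SAMPLE)
    for name, entry in sorted(report.items()):
        print(name, entry)
    print("review:", weak_servers(report))
```

Servers listed by `weak_servers` are those where the vRouter may proceed without having validated the LDAP server's certificate against a trusted CA.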