Prerequisites:
- FMOS version must be 8.26.x or earlier
*************************************************
If you need to retrieve the LDAPS cert of a particular LDAP server, please do the following:
- Run the following openssl command from the FireMon Application Server CLI:
- openssl s_client -connect ldapserver:636 -showcerts
- Copy and paste the top-level cert into a text editor. The cert should look something like this and will contain the FQDN of the LDAP server:

      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
      ---
      Server certificate
      subject=/C=US/ST=KS/L=Overland Park/O=FireMon, LLC/OU=Support/CN=server.domain.com
      issuer=/C=US/ST=KS/L=Overland Park/O=FireMon, LLC/OU=Support/CN=FMOS Ecosystem Server CA S1
      ---
- Using either vi or nano, create a file (for example cert.pem) and paste the copied certificate into it. The filename itself doesn't matter.
- Import the newly created certificate with:
- fmos pki import-ca cert.pem
- Retest the LDAP settings in the FireMon Administration Authentication Server settings. The TLS connection indicator should be green; if it is not, the imported certificate is most likely the wrong one.
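As an added example (not FireMon's own tooling), the retrieval and file-creation steps above scripted in one place, with a check of the certificate's subject and SANs against the LDAP server FQDN before anything is imported; the hostname ldapserver.example.com is an assumed placeholder.

```shell
# Added example, not FireMon's own tooling: fetch the certificate an LDAPS
# server presents and save it as cert.pem for "fmos pki import-ca".
# ldapserver.example.com below is an assumed placeholder hostname.

# Keep only the first PEM block from "openssl s_client -showcerts" output on
# stdin: chain entry 0 is the server's own cert (the article's "top level
# cert"); later blocks are the issuing CAs.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /-----END CERTIFICATE-----/ { exit }'
}

# Connect to host:port (default 636) and print the leaf cert as PEM. </dev/null
# ends the session after the handshake; -servername sends SNI so a server
# hosting several names returns the certificate for this one.
fetch_ldaps_cert() {
    host="$1"
    port="${2:-636}"
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | extract_first_cert
}

# Print subject, issuer, validity and SANs; the LDAP server FQDN must appear.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' || true
}

# Constructed s_client -showcerts output (the PEM bodies are not real certs),
# used to exercise extract_first_cert offline.
SAMPLE_SCLIENT_OUTPUT='Certificate chain
 0 s:/CN=ldapserver.example.com
   i:/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
LEAFCERTBODY
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CACERTBODY
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=ldapserver.example.com
issuer=/CN=Example Issuing CA
---'

# Usage: sh ldaps-cert.sh ldapserver.example.com && fmos pki import-ca cert.pem
if [ -n "${1:-}" ]; then
    fetch_ldaps_cert "$1" > cert.pem && describe_cert cert.pem
fi
```

If describe_cert shows a subject or SAN that does not match the name configured in the Authentication Server settings, the TLS test will stay red no matter which file is imported.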