I am having one heck of a time trying to allow Rancher. When attempting to connect via the TLS port (636/7363) it states that the TLS cert can't be verified.

Error creating ssl connection: LDAP Result Code 200 “”: x509: certificate signed by unknown authority


I’ve read (How To: Created an UCS-CA signed certificate for a non-UCS system within Domain), but I am curious how that gets involved with the rancher LDAP authentication setup.

The above processes generated four certs: CAcert.crt, cert.pem, reg.pem, priavate.key.
Should I use the CAcert.crt in the upload, or should I be using the UCS server's cert?

The linked howto article is not really applicable in your case. On a UCS system everything is signed with its own CA to be fully trusted internally. But that also means that you need to import that CA on other systems that should interact with it.

This seems like it fits your case https://rancher.com/docs/rancher/v2.x/en/installation/options/custom-ca-root-certificate/
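Added example, not part of the thread: it reproduces the "unknown authority" failure offline with a constructed throwaway CA standing in for the UCS CA, and shows that verification only succeeds when the issuing CA certificate (the CAcert.crt role) is supplied. The `check_live_ldaps` helper is the same check against a real server; HOST, PORT and the CA path are placeholders you fill in.

```shell
#!/bin/sh
# Constructed demo: a throwaway root CA plays the UCS CA, and a leaf cert it
# signs plays the LDAP server cert. Nothing here is real infrastructure.
set -e
WORK=${WORK:-$(mktemp -d)}

make_demo_certs() {
  # Self-signed root (the "UCS CA"); openssl req -x509 marks it CA:TRUE.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo UCS Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/CAcert.crt" 2>/dev/null
  # Server key + CSR, then a leaf cert issued by the demo CA.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.test" \
    -keyout "$WORK/private.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/server.csr" \
    -CA "$WORK/CAcert.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/cert.pem" 2>/dev/null
}

# verify_chain CERT [CAFILE]: exit 0 if CERT chains to a trusted CA.
# Without CAFILE only the system trust store is consulted; a private UCS CA
# is not in it, which is the same failure class as the Rancher x509 error.
verify_chain() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# check_live_ldaps HOST PORT CAFILE: same idea against a running LDAPS
# endpoint; success prints "Verify return code: 0 (ok)".
check_live_ldaps() {
  openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null \
    | grep "Verify return code"
}
```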

