I am facing some issue when I enable TLS communication . I have installed x.509, intermediate and root cert in the AD DC,Cert store and VA cert location, verified private key. When I do SSL with hostname, I am seeing below error message.
SSL handshake has read 0 bytes and written 336 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Certification is in .PEM format. In Sailpoint ISC when I do test connection I am seeing following error message "We have detected an error from the managed system.
Error Received:
[ InvalidConfigurationException ] [ Possible suggestions ] Ensure that the Active Directory Service is up and running. [ Error details ] Failed to connect to - dc=assureddev,dc=com : java.lang.Exception: [ERROR 1] Failed to connect to server:ldap://ASP-D-DC2-02.assureddev.com:636 - LDAP connection has been closed"
Have you validated that port 636 is open? This looks like a firewall issue.
Try telnet <IP address> 636 or nc -zv <IP> 636
If you don’t have a successful connection there, contact your firewall team to get the port opened. I’d also recommend you remove your server name from the above post since this is a public forum.
Please input the below command to check whether target system has TLS certificate installed or not.
openssl s_client -connect ip/fqdn of machine:TLS port
for example, openssl s_client -connect 192.54.35.32:636
Check the certificate details in command the command response.
Check Subject and Subject Alternate Name (SAN) contains the FQDN of AD DC or not.
I am suspecting that the Certificate is not installed in the DC.
If certificate is there then try to install the new certificate with is fetched by using command present in step 1.
Also look into below topic for more clarification for installation steps.
Hope the above information will help you .
Thank you.
.