Can't use common server certificate to configure TLS in LDAP

Hi

I’m running SLES 12 SP1, and am trying to set up a CA and an LDAP server using LDAPs on the same system.

I’ve used YaST → ‘Security and Users’ → ‘CA Management’ to create a CA called ‘YaST_Default_CA’, executed the ‘Add Server Certificate’ wizard to create a server certificate with the common name being the FQDN of the server, and have used the ‘Export to Common Server Certificate’ wizard to make that certificate the ‘common server certificate’.

I’ve confirmed in YaST → ‘Security and Users’ → ‘Common Server Certificate’ that a certificate is available and appears valid.

Now, in YaST → ‘Network Services’ → ‘Authentication Server’, I want to use this certificate in the LDAP server.

In ‘Startup Configuration’, I have enabled (in ‘Protocol Listeners’) both ‘LDAP’ and ‘LDAP over SSL’.

In ‘Global Settings’ → ‘TLS Settings’, in the ‘Basic Settings’ section, I have selected ‘Enable TLS’. ‘Enable LDAP over SSL (ldaps) interface’ is also enabled. But the ‘Use common Server Certificate’ option is ‘blued-out’ and can’t be selected.

This seems like a bug to me. Is there something that I am missing?

Thanks
tl

cat /etc/os-release

NAME="SLES"
VERSION="12-SP1"
VERSION_ID="12.1"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP1"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp1"

For those following along, also see
http://forums.suse.com/showthread.php?t=10112 which appears to be a
nearly-identical thread, but possibly with more/newer information.


Good luck.
