TLS handshake failed
While Configuring an Active Directory in the agent, you may encounter the following error on the WSTEP tab of the on-premises PKIaaS Virtual Machine.
url: ldap://<DOMAIN-CONTROLLER-FQDN>LDAP Result Code 200 "Network Error": TLS handshake failed (tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config)
See below for a list of possible causes and the corresponding solutions.
Missing LDAPS TLS certificate
The Domain Controller is missing a TLS certificate for LDAPS.
Issue resolution:
Run the command described in Validating the LDAPS configuration
If the output of the command does not contain an LDAPS TLS certificate, follow the steps described in Setting up LDAPS on domain controllers.
Invalid LDAPS TLS certificate
The Domain Controller does not have a valid TLS certificate for LDAPS connections.
Issue resolution: Check the following.
The certificate meets the requirements described in Generating the LDAPS TLS certificates.
The certificate chain has been imported as explained in Creating a Group Policy Object for the LDAPS TLS certificate chain.
LDAPS TLS certificate not trusted
The root CA certificate of the LDAPS TLS certificate chain is not trusted.
Issue resolution: Verify the root CA certificate in the root Active Directory domain matches the root CA certificate imported when Configuring an Active Directory in the agent.
Incorrect DNS entries
The DNS server on your network might have an incorrect IP address for the Active Directory domain controller.
Issue resolution: Verify the IP address of the Active Directory domain controller is properly configured in the DNS server.