Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master
-
@dashrender said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
@scottalanmiller said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
en connecting to ldap master." This can be pretty frustrating, especially as pretty much nothing online tells you what might b
So this just happened during an upgrade?
no
-
@dashrender said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
Do I assume that it was in the manual that you needed to do this, and it was overlooked? or that the devs didn't bother to tell you, confirm that config during upgrade, etc?
I don't know the source of the change. It happened during a cert renewal.
-
This is with your LDAP SSL not with the Host SSL Certificate correct?
-
@dbeato said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
This is with your LDAP SSL not with the Host SSL Certificate correct?
In theory they should be the same.
-
Thank you so much scottalanmiller, saved me tonight after a Letsencrypt certificate installation resulted in a TLS error...
-
@condealisson said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
Thank you so much scottalanmiller, saved me tonight after a Letsencrypt certificate installation resulted in a TLS error...
Glad that it helped you!
-
@scottalanmiller Thanks... That did the trick.
-
I am still trying to understand this issue, but it is probably due to having multiple Zimbra servers in a pool. Usually in one Zimbra Server setup that usually doesn't happen.
-
@dbeato said in Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master:
I am still trying to understand this issue, but it is probably due to having multiple Zimbra servers in a pool. Usually in one Zimbra Server setup that usually doesn't happen.
No, we don't use a pool here.
-
Had this error after installing a new commercial certificate. The error seems valid as my server hostname and certificate name do not match, but it is my understanding this name mismatch is allowed and should still work.
To resolve this I just ran these two commands as Zimbra user.
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_starttls_supported=0
I am slightly concerned as to the security implications of disabling these settings. I am still on ldap not ldaps and this is on CentOS 7.
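-
Added example, not part of any post in this thread: a way to confirm the name mismatch the posts above describe, by comparing the host in the LDAP master URL with the DNS names in the certificate. The host names, the sample certificate and the helper names are constructed for illustration, and the URL is assumed to be the value stored in the ldap_master_url local config key.

```python
from urllib.parse import urlsplit

def host_from_ldap_url(url):
    """Return the lower-cased host part of an ldap:// or ldaps:// URL."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return parts.hostname.lower()

def name_matches(pattern, host):
    """RFC 6125 style match: '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice: the wildcard covers exactly one label and is
        # refused for two-label patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check(ldap_url, cert):
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    host = host_from_ldap_url(ldap_url)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Simplification: fall back to the subject CN only when the
        # certificate carries no DNS subjectAltName entries.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    matched = [n for n in names if name_matches(n, host)]
    return {"host": host, "names": names, "matched": matched, "ok": bool(matched)}

# Constructed sample: a renewed certificate issued for the public mail name,
# while the LDAP URL still points at the internal server hostname.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    for url in ("ldap://zimbra01.example.local:389", "ldap://mail.example.com:389"):
        result = check(url, SAMPLE_CERT)
        verdict = "OK" if result["ok"] else "hostname verification would fail"
        print(f"{url}: {verdict} (certificate names: {result['names']})")
```

If the first case matches your server, the certificate does not cover the name Zimbra uses to reach LDAP, which is the condition reported in this thread.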