No support for TLS secured LDAP with unverifiable certificates in Messaging Gateway 10.7

Article ID: 185108

Updated On:

Products

Messaging Gateway

Issue/Introduction

Messaging Gateway (SMG) 10.6.6 improved the security of certificate validation for TLS-secured LDAP / DDS connections, which resulted in some installations failing to communicate with the configured directory over a secure connection. Patch 10.6.6-273 was released to allow SMG customers time to correct the certificate configuration of directory servers whose certificates do not meet the minimum requirements for certificate validation.

Messaging Gateway 10.7 uses the more secure certificate validation implemented in SMG 10.6.6, and no patch will be provided to reduce the security level for LDAP TLS certificate validation. Secure LDAP over TLS requires that the certificates used by the directory server meet the minimum requirements for certificate validation, including the proper configuration of the certificate's Common Name or Subject Alternative Name fields.

Resolution

TLS certificates must be signed with a certificate trusted by the SMG appliance and have properly formatted Common Name and Subject Alternative Name fields.

Please see Adding a CA or an intermediate certificate for details on adding certificates to the trusted certificate list.
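A pre-upgrade check for the two requirements above, as an added example that is not Broadcom's tooling or SMG's own validation code: it tests the directory server's chain against a CA file and then compares the configured host name with the certificate's names. Assumptions: LDAPS on port 636 (no StartTLS), a DNS host name rather than an IP address, RFC 6125-style name matching, and the hypothetical names `dc01` / `dc01.example.test` for the constructed sample.

```python
import socket
import ssl
import sys


def name_findings(cert, host):
    """Compare a getpeercert()-style dict with the host name configured for the directory."""
    host = host.lower().rstrip(".")
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names = sans or cns  # assumption: CN is consulted only when no DNS SAN exists

    def covers(pattern):
        if pattern.startswith("*."):  # wildcard stands for exactly one left-most label
            return "." in host and host.split(".", 1)[1] == pattern[2:]
        return pattern == host

    findings = []
    if not sans:
        findings.append("no DNS Subject Alternative Name entry (CN only)")
    if not any(covers(p) for p in names):
        findings.append("%s is not covered by %s" % (host, names or "any name"))
    return findings


def probe(host, port=636, cafile=None):
    """Validate the chain first, then the names, so each failure is reported separately."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return ["chain not trusted: " + exc.verify_message]
    return name_findings(cert, host)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py HOST [CAFILE]
        results = probe(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None)
    else:  # constructed sample: certificate issued for a short name only
        sample = {"subject": ((("commonName", "dc01"),),),
                  "subjectAltName": (("DNS", "dc01"),)}
        results = name_findings(sample, "dc01.example.test")
    print("\n".join(results) or "OK")
```

Pass the same host name that is entered in the SMG directory configuration and the CA file that was added to the appliance's trusted list; an empty result means both checks passed under the assumptions above.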