Cisco Bug: CSCvs37524 - ESA not using the configured certificate for LDAP over SSL

Last Modified

Jan 23, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

12.5.1-031

Description (partial)

Symptom:
ESAs on 12.5.1-031 where LDAP is configured to use SSL do not use the configured LDAP certificate and instead default to the Default System Certificate.

When this occurs, any SSL handshake in which the LDAP server validates certificates results in a FATAL alert with Unknown CA (seen within a packet capture), because the default system certificate is self-signed.

Conditions:
ESA on 12.5.1-031 build.
ESA has configured LDAP functionality.
ESA has configured a custom signed certificate for usage.
LDAP server is configured to validate certificates.
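
To confirm the symptom from a packet capture, the server-to-ESA bytes of the LDAPS connection can be scanned for a plaintext fatal `unknown_ca` alert. This is an added example, not Cisco code: the function names and the sample bytes are constructed for illustration, and it assumes the TCP payload has already been reassembled and that the alert is sent unencrypted during the handshake (TLS 1.2 or earlier).

```python
import struct

# TLS record content types and alert codes (RFC 5246).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                46: "certificate_unknown", 48: "unknown_ca"}

def iter_records(stream):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if major != 3 or ctype not in (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE,
                                       APPLICATION_DATA):
            raise ValueError(f"not a TLS record at offset {offset}")
        payload = stream[offset + 5: offset + 5 + length]
        if len(payload) < length:
            break  # capture was truncated mid-record; stop cleanly
        yield ctype, payload
        offset += 5 + length

def plaintext_alerts(stream):
    """Return (level, description) for every unencrypted alert record."""
    alerts = []
    for ctype, payload in iter_records(stream):
        # A plaintext alert is exactly two bytes; encrypted alerts are longer.
        if ctype == ALERT and len(payload) == 2:
            level, desc = payload
            alerts.append((LEVELS.get(level, str(level)),
                           DESCRIPTIONS.get(desc, str(desc))))
    return alerts

def matches_symptom(stream):
    """True if the server rejected the presented certificate as unknown CA."""
    return ("fatal", "unknown_ca") in plaintext_alerts(stream)

# Constructed sample: a handshake record (ServerHelloDone) followed by the
# alert the LDAP server sends after rejecting the self-signed certificate.
CONSTRUCTED_SERVER_BYTES = bytes.fromhex("1603030004" "0e000000"
                                         "1503030002" "0230")

if __name__ == "__main__":
    print(plaintext_alerts(CONSTRUCTED_SERVER_BYTES))
    print("matches symptom:", matches_symptom(CONSTRUCTED_SERVER_BYTES))
```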