Users Guide
Using iDRAC6 Directory Service 167
I enabled certificate validation but my Active Directory log in failed. I ran the
diagnostics from the GUI and the test results show the following error message.
What could the problem be and how do I fix it?
ERROR: Can't contact LDAP server,
error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed: Please check the correct
Certificate Authority (CA) certificate has been
uploaded to iDRAC. Please also check if the iDRAC
date is within the valid period of the
certificates and if the Domain Controller Address
configured in iDRAC matches the subject of the
Directory Server Certificate.
If certificate validation is enabled, iDRAC6 uses the uploaded CA certificate
to verify the directory server certificate when iDRAC6 establishes the SSL
connection with the directory server. The most common reasons for failing
certification validation are:
• iDRAC6 date is not within the valid period of the server certificate or
CA certificate. Check iDRAC6 time and the valid period of
your certificate.
• The Domain Controller Addresses configured in iDRAC6 do not match
the Subject or Subject Alternative Name of the directory server certificate.
– If you are using an IP address, see "I am using an IP address for a
Domain Controller Address, and I failed certificate validation. What
is the problem?" on page 168.
– If you are using FQDN, ensure you are using the FQDN of the domain
controller, and not the domain itself. For example, use
servername.example.com
and
not
example.com.
What should I check if I cannot log in to iDRAC6 using Active Directory?
First, diagnose the problem using the Test Settings feature. For directions,
see "My Active Directory log in failed. What do I do?" on page 166.
Then, fix the specific problem indicated by the test results. For additional
information, see "Testing Your Configurations" on page 161.
Most common issues are explained in this section. However, in general,
you should check the following: