[sudo-users] TLS Configuration with sudo

sean.dolan at lmco.com sean.dolan at lmco.com
Fri Aug 4 06:46:11 MDT 2023


RedHat 7.9, Sudo 1.9.13-1. I'm having an issue with sudo (sudoers, sudo-logsrvd) TLS where I'm getting a generic "verification failed" error (e.g. `sudo date`) when using TLS for log_servers (i.e. sudo-logsrvd) in the sudoers file.
The machine that is running the sudo-logsrvd service has the following line in its journal: "tlsv1 alert unknown ca". I think the message is the server trying to verify the client??

When I use openssl s_client to connect to the logsrvd TLS port, I get a self-signed cert error unless I include the -CAfile option, so I added a log_server_cabundle directive to the sudoers file to match, but that didn't seem to actually fix or change the error at all.

Am I missing something?

