Good day all,
I am having difficulties getting PLA to use TLS certificates.
Seems to be a problem with PLA not knowing where the certificates are...
--ERRORS--
PLA:
"Could not start TLS. Please check your LDAP server configuration."
Ldap server:
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2458
connection_read(14): TLS accept failure error=-1 id=0, closing
--SETUP--
(PLA on a different server than OpenLDAP.)
(LDAP only accepts connection if client has a certificate.)
WEB SERVER:
-PLA v1.1.0.7
-Apache v2.2.3
-RHEL v5.2
-/etc/openldap/ldap.conf:
URI ldap://10.10.10.10
BASE o=ids
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem
TLS_CIPHER_SUITE TLSv1+RSA:!NULL
TLS_REQCERT demand
-.ldaprc or ldaprc
TLS_CERT /etc/openldap/cacerts/clientcrt.pem (Mode: 644)
TLS_KEY /etc/openldap/cacerts/clientkey.pem (Mode: 644)
-Tried in the following locations:
-/var/www/.ldaprc (httpd user's home)
-/var/www/html/pla/htdocs/ldaprc
-/var/www/html/pla/htdocs/.ldaprc
Ldap server:
-OpenLDAP v2.3
-slapd.conf
(Relevant TLS entries only)
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/cacerts/servercrt.pem
TLSCertificateKeyFile /etc/openldap/cacerts/serverkey.pem
TLSVerifyClient demand
TLSCipherSuite TLSv1+RSA:!NULL
Any help is much appreciated.
Thanks
-Josh
_______________________________________________
phpldapadmin-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
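
Added example (not part of the original post, and not phpLDAPadmin or OpenLDAP code): a shell check, run as the web server account, that reports which TLS_CERT / TLS_KEY values a libldap client would pick up and whether the files are usable. It assumes the lookup order documented in ldap.conf(5), where TLS_CERT and TLS_KEY are user-only options read from $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc and the LDAPTLS_CERT / LDAPTLS_KEY environment variables; the function names are hypothetical, and LDAPCONF / LDAPRC overrides are left out.

```shell
#!/bin/sh
# Added example: where would a libldap client find its client certificate?
# Assumed order (ldap.conf(5)): $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc, then
# LDAPTLS_* environment variables; later sources override earlier ones.

# rc_value OPTION FILE -> last value of OPTION (case-insensitive) in FILE
rc_value() {
    [ -r "$2" ] || return 0
    awk -v opt="$1" 'toupper($1) == opt { v = $2 } END { if (v != "") print v }' "$2"
}

# find_client_opt OPTION HOME_DIR WORK_DIR -> effective value, or empty
find_client_opt() {
    opt=$1; val=
    for f in "$2/ldaprc" "$2/.ldaprc" "$3/ldaprc"; do
        v=$(rc_value "$opt" "$f")
        [ -n "$v" ] && val=$v
    done
    eval "env_v=\${LDAP$opt:-}"        # e.g. LDAPTLS_CERT
    [ -n "$env_v" ] && val=$env_v
    printf '%s\n' "$val"
}

# check_client_tls HOME_DIR WORK_DIR -> prints findings, returns 0 only if clean
check_client_tls() {
    rc=0
    cert=$(find_client_opt TLS_CERT "$1" "$2")
    key=$(find_client_opt TLS_KEY "$1" "$2")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: TLS_CERT/TLS_KEY not set in any ldaprc or LDAPTLS_* variable"
        return 1
    fi
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: $f is not readable by this user"; rc=1; }
    done
    # Characters 5 and 8 of the mode string are group-read and other-read.
    if [ -r "$key" ] && [ "$(ls -lLd "$key" | cut -c5,8)" != "--" ]; then
        echo "WARN: $key is group/world readable; restrict it to the web server user"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: cert=$cert key=$key"
    return "$rc"
}

# Run against the current process environment: sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    check_client_tls "${HOME:-/nonexistent}" "$PWD"
fi
```

The HOME and working directory that matter are those of the running web server process, which can differ from the account's passwd entry and from the application's install directory.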