On Fri, 11 Jun 2010 10:53:59 +0200, Jérémy ESCOLANO <[email protected]> wrote:
> Hi, Thank you for replying,
>
> I went a bit deeper with my problem, I can now do LDAPS but without
> verifying certificate,
> here is what I did :
>
> on the openLDAP server:
>
> --->slapd.conf
> TLSCertificateFile ./ssl2/srvLDAP.cer
> TLSCertificateKeyFile ./ssl2/srvLDAP.key
> TLSCACertificateFile ./ssl2/cacert.cer
> TLSVerifyClient never
>
> --->ldap.conf
> TLS_CACERT ./ssl2/cacert.cer
> TLS_REQCERT never
>
> Then ran my service using: slapd -h "ldap:/// ldaps:///" -d 1
>
> That's all for the openLDAP server, but not enough with apache.
>
> On the apache server I created a folder C:\openldap\sysconf
> in this directory I created openldap.conf and this contains :
>
> TLS_CACERT ./ssl/cacert.cer
> TLS_REQCERT never
>
> (with cacert.cer in c:\openldap\sysconf\ssl)
>
> It works from now BUT does NOT verify the certificate.
[...]
> TLS: can't accept.
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
> not return
> a certificate s3_srvr.c:2471
> connection_read(1176): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=1176 for close
> connection_close: conn=0 sd=1176
>
> The question is now : How can I configure my certificate on apache
> SERVER so that I will be able to do LDAPS with PHP and certificates
> will be verified. (I know I should ask it on Apache list too)

bear in mind that apache is a ldap client operation, thus configure ldap
clients to verify the server certificate and not the server to verify a
client certificate.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
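
The advice above expressed as configuration, as an added example that is not part of the original messages: the client-side option set that leaves the server unverified, next to a strict one, with the server left not requesting client certificates. Assumptions: the absolute CA path is built from the directory named in the post, and cacert.cer is the CA that issued srvLDAP.cer.

```conf
# --- LDAP client side (the Apache/PHP host): ldap.conf-style options ---

# Weak setting from the thread: the server certificate is never checked,
# so any host answering on the ldaps:// port is accepted.
#   TLS_REQCERT never

# Strict setting: "demand" aborts the TLS handshake when the server
# certificate is missing or does not chain to the CA in TLS_CACERT.
# Assumption: absolute path built from the directory named in the post.
TLS_CACERT   c:\openldap\sysconf\ssl\cacert.cer
TLS_REQCERT  demand

# --- OpenLDAP server side: slapd.conf ---

# The server presents its own certificate and key to clients.
TLSCertificateFile     ./ssl2/srvLDAP.cer
TLSCertificateKeyFile  ./ssl2/srvLDAP.key
TLSCACertificateFile   ./ssl2/cacert.cer

# The server does not ask clients for a certificate. A value of "demand"
# here requires one, and a client that has none fails the handshake with
# the "peer did not return a certificate" error seen in the quoted log.
TLSVerifyClient        never
```

Once the client verifies the server, the host name used in the ldaps:// URI also has to match the name in the server certificate, otherwise the connection is refused even though the CA is trusted.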
