According to what you are saying, which certificate does Apache have to verify? The CA certificate, the Apache server certificate, or the LDAP certificate? Thank you for your information, which helps me to understand better.

2010/6/11 Dieter Kluenter <[email protected]>

> On Fri, 11 Jun 2010 10:53:59 +0200
> Jérémy ESCOLANO <[email protected]> wrote:
>
> > Hi, Thank you for replying,
> >
> > I went a bit deeper with my problem, I can now do LDAPS but without
> > verifying certificate,
> > here is what I did :
> >
> > on the openLDAP server:
> >
> > --->slapd.conf
> > TLSCertificateFile ./ssl2/srvLDAP.cer
> > TLSCertificateKeyFile ./ssl2/srvLDAP.key
> > TLSCACertificateFile ./ssl2/cacert.cer
> > TLSVerifyClient never
> >
> > --->ldap.conf
> > TLS_CACERT ./ssl2/cacert.cer
> > TLS_REQCERT never
> >
> > Then ran my service using: slapd -h "ldap:/// ldaps:///" -d 1
> >
> > That's all for the openLDAP server, but not enough with apache.
> >
> > On the apache server I created a folder C:\openldap\sysconf
> > in this directory I created openldap.conf and this contains :
> >
> > TLS_CACERT ./ssl/cacert.cer
> > TLS_REQCERT never
> >
> > (with cacert.cer in c:\openldap\sysconf\ssl)
> >
> > It works from now BUT does NOT verify the certificate.
> [...]
> > TLS: can't accept.
> > TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did
> > not return
> > a certificate s3_srvr.c:2471
> > connection_read(1176): TLS accept error error=-1 id=0, closing
> > connection_closing: readying conn=0 sd=1176 for close
> > connection_close: conn=0 sd=1176
> >
> > The question is now : How can I configure my certificate on apache
> > SERVER so that I will be able to do LDAPS with PHP and certificates
> > will be verified. (I know I should ask it on Apache list too)
>
> bear in mind that apache is a ldap client operation, thus configure
> ldap clients to verify the server certificate and not the server to
> verify a client certificate.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> sip: +49.40.20932173
> http://www.dpunkt.de/buecher/2104.html
> GPG Key ID:8EF7B6C6
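
The client-side verification described in the quoted reply, written out as a configuration sketch. This is an added example, not part of the original messages; it reuses the file names from the thread and assumes cacert.cer is the CA certificate that signed srvLDAP.cer.

```conf
# ---------------------------------------------------------------
# Apache/PHP host (the LDAP client): openldap.conf
# ---------------------------------------------------------------
# Before (as posted in the thread): the server certificate is
# accepted without any check.
#   TLS_REQCERT never
#
# After: the client aborts the TLS handshake unless the certificate
# presented by slapd chains to the CA named in TLS_CACERT.
# "demand" is also the OpenLDAP client default when the option is absent.
TLS_CACERT   ./ssl/cacert.cer
TLS_REQCERT  demand

# ---------------------------------------------------------------
# OpenLDAP server: slapd.conf (values unchanged from the thread)
# ---------------------------------------------------------------
# The server presents srvLDAP.cer; this is the certificate the
# client verifies against cacert.cer.
TLSCertificateFile     ./ssl2/srvLDAP.cer
TLSCertificateKeyFile  ./ssl2/srvLDAP.key
TLSCACertificateFile   ./ssl2/cacert.cer
# The server does not request a certificate from clients, so the
# Apache/PHP side needs no certificate or key of its own.
TLSVerifyClient        never
```

With `demand` in place, the host name PHP uses in its ldaps:// URI also has to match the name in srvLDAP.cer, otherwise the client rejects the connection.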
