Am Fri, 11 Jun 2010 10:53:59 +0200
schrieb Jérémy ESCOLANO <jeremyescolano@gmail.com>:
> Hi, thank you for replying,
>
> I went a bit deeper with my problem, I can now do LDAPS but without
> verifying the certificate,
> here is what I did :
>
> on the openLDAP server:
>
> --->slapd.conf
> TLSCertificateFile ./ssl2/srvLDAP.cer
> TLSCertificateKeyFile ./ssl2/srvLDAP.key
> TLSCACertificateFile ./ssl2/cacert.cer
> TLSVerifyClient never
>
> --->ldap.conf
> TLS_CACERT ./ssl2/cacert.cer
> TLS_REQCERT never
>
> Then ran my service using: slapd -h "ldap:/// ldaps:///" -d 1
>
> That's all for the openLDAP server, but not enough with apache.
>
> On the apache server I created a folder C:\openldap\sysconf
> in this directory I created openldap.conf and this contains :
>
> TLS_CACERT ./ssl/cacert.cer
> TLS_REQCERT never
>
> (with cacert.cer in c:\openldap\sysconf\ssl)
>
> It works from now BUT does NOT verify the certificate.
[...]
> TLS: can't accept.
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2471
> connection_read(1176): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=1176 for close
> connection_close: conn=0 sd=1176
>
> The question is now : How can I configure my certificate on apache
> SERVER so that I will be able to do LDAPS with PHP and certificates
> will be verified. (I know I should ask it on the Apache list too)
Bear in mind that Apache is an LDAP client operation, thus configure
LDAP clients to verify the server certificate and not the server to
verify a client certificate.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
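An added example (not code from the thread or from the OpenLDAP project): the client config posted above beside a corrected one, and a small check of which TLS_REQCERT mode an ldap.conf actually resolves to. The CA path /etc/openldap/certs/cacert.cer and the host ldap.example.org are assumptions; the absolute-path check is Unix-only and would need adjusting for a C:\ path on the Windows Apache host in the thread.

```sh
#!/bin/sh
# Added example, not from the original thread. Demonstrates the point of the
# reply: the *client* side (Apache/PHP, ldapsearch) decides whether the server
# certificate is verified, through TLS_REQCERT and TLS_CACERT in its ldap.conf.

# Constructed copy of the client config posted above: it connects over LDAPS
# but TLS_REQCERT never means a bad, expired, or wrong-host cert is accepted.
WEAK_CONF=$(mktemp)
cat >"$WEAK_CONF" <<'EOF'
TLS_CACERT ./ssl/cacert.cer
TLS_REQCERT never
EOF

# Corrected client config. Two changes:
#  - TLS_REQCERT demand: the handshake is aborted if the server cert is
#    missing, does not chain to TLS_CACERT, or does not match the hostname.
#  - An absolute CA path (assumed location). Relative paths such as
#    ./ssl/cacert.cer are opened relative to the process's working directory,
#    which for an Apache worker is not something you control.
STRICT_CONF=$(mktemp)
cat >"$STRICT_CONF" <<'EOF'
TLS_CACERT /etc/openldap/certs/cacert.cer
TLS_REQCERT demand
EOF

# Config with no TLS_REQCERT line at all, to show the library default.
DEFAULT_CONF=$(mktemp)
cat >"$DEFAULT_CONF" <<'EOF'
TLS_CACERT /etc/openldap/certs/cacert.cer
EOF

trap 'rm -f "$WEAK_CONF" "$STRICT_CONF" "$DEFAULT_CONF"' EXIT

# Print the effective TLS_REQCERT mode of an ldap.conf-style file.
# Directives are case-insensitive, comment lines are ignored, the last
# occurrence wins, and an absent directive means the default, "demand".
effective_reqcert() {
    awk 'BEGIN { mode = "demand" }
         /^[[:space:]]*#/ { next }
         tolower($1) == "tls_reqcert" { mode = tolower($2) }
         END { print mode }' "$1"
}

# Return 0 only if the config refuses connections with a bad or missing
# server certificate. Per ldap.conf(5): "never" and "allow" continue on a bad
# cert, "try" continues when no cert is presented, so only demand/hard count.
verifies_server_cert() {
    case "$(effective_reqcert "$1")" in
        demand|hard) return 0 ;;
        *)           return 1 ;;
    esac
}

# Return 0 if every TLS_CACERT path is absolute (Unix notion of absolute).
cacert_paths_absolute() {
    awk 'tolower($1) == "tls_cacert" && $2 !~ /^\// { bad = 1 }
         END { exit bad }' "$1"
}

# Report on each constructed config. Written with if/else so the script also
# behaves under "set -e".
for conf in "$WEAK_CONF" "$STRICT_CONF" "$DEFAULT_CONF"; do
    mode=$(effective_reqcert "$conf")
    if verifies_server_cert "$conf"; then verdict="verifies server cert"
    else verdict="DOES NOT verify server cert"; fi
    if cacert_paths_absolute "$conf"; then pathnote="CA path absolute"
    else pathnote="CA path relative (resolved against process cwd)"; fi
    echo "$conf: TLS_REQCERT=$mode -> $verdict; $pathnote"
done

# To exercise the strict setting against a real server, the same knobs are
# available as environment variables for the command-line tools (not run here):
#   LDAPTLS_REQCERT=demand LDAPTLS_CACERT=/etc/openldap/certs/cacert.cer \
#     ldapsearch -H ldaps://ldap.example.org -x -b '' -s base
# A CA mismatch or hostname mismatch then fails the bind instead of
# silently succeeding as it does with TLS_REQCERT never.
```

Note that the server-side error in the posted log ("peer did not return a certificate") is unrelated to this: it is slapd complaining about a missing client certificate, which only matters if TLSVerifyClient is set to something other than never.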