On Fri, 11 Jun 2010 10:53:59 +0200, Jérémy ESCOLANO jeremyescolano@gmail.com wrote:
Hi, thank you for replying,
I went a bit deeper into my problem. I can now do LDAPS, but without verifying the certificate. Here is what I did:
on the openLDAP server:
---> slapd.conf
TLSCertificateFile ./ssl2/srvLDAP.cer
TLSCertificateKeyFile ./ssl2/srvLDAP.key
TLSCACertificateFile ./ssl2/cacert.cer
TLSVerifyClient never
---> ldap.conf
TLS_CACERT ./ssl2/cacert.cer
TLS_REQCERT never
Then ran my service using: slapd -h "ldap:/// ldaps:///" -d 1
That's all for the OpenLDAP server, but it is not enough for Apache.
On the Apache server I created a folder C:\openldap\sysconf; in this directory I created openldap.conf, which contains:
TLS_CACERT ./ssl/cacert.cer
TLS_REQCERT never
(with cacert.cer in C:\openldap\sysconf\ssl)
It works from now BUT does NOT verify the certificate.
[...]
TLS: can't accept. TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:2471 connection_read(1176): TLS accept error error=-1 id=0, closing connection_closing: readying conn=0 sd=1176 for close connection_close: conn=0 sd=1176
The question is now: how can I configure my certificate on the Apache SERVER so that I will be able to do LDAPS with PHP and the certificates will be verified? (I know I should ask this on the Apache list too.)
Bear in mind that Apache is acting as an LDAP client here; thus configure the LDAP clients to verify the server certificate, and not the server to verify a client certificate.
-Dieter
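The client-side fix Dieter points at, shown as an added PHP example (not code from this thread): the PHP script running under Apache verifies the LDAPS server certificate against the CA instead of running with TLS_REQCERT never. The host name, bind DN and password are placeholders; the CA path is the one from the thread; the LDAP_OPT_X_TLS_* constants assume PHP 7.1 or later.

```php
<?php
// Added example, not from the original thread. Host name, bind DN and
// password are placeholders. The CA file must be the one that issued the
// server certificate (the thread's cacert.cer), and the host name in the
// URI must match the server certificate's CN/SAN, otherwise verification
// fails by design.

const LDAP_URI      = 'ldaps://ldap.example.internal:636';    // placeholder
const CA_CERT_FILE  = 'C:\\openldap\\sysconf\\ssl\\cacert.cer'; // path from the thread
const BIND_DN       = 'cn=reader,dc=example,dc=internal';     // placeholder
const BIND_PASSWORD = 'change-me';                            // placeholder

/**
 * Turn on server-certificate verification for every LDAP connection in this
 * process. libldap keeps TLS settings globally, so they are set on a null
 * link *before* ldap_connect(). This is the programmatic equivalent of
 *   TLS_CACERT  <ca file>
 *   TLS_REQCERT demand
 * in the client's ldap.conf; the thread's "TLS_REQCERT never" is what
 * disables verification. Requires PHP >= 7.1 for the LDAP_OPT_X_TLS_* constants.
 */
function configureStrictTls(string $caFile): void
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA certificate not readable: $caFile");
    }
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    // DEMAND: the server must present a certificate that chains to the CA;
    // the handshake is aborted otherwise.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
}

/**
 * Connect over LDAPS and bind. Returns the link, or throws with libldap's
 * error text (a verification failure surfaces as a failed bind, with the
 * TLS detail in the diagnostic message).
 */
function connectVerified(string $uri, string $dn, string $password)
{
    $link = ldap_connect($uri);
    if ($link === false) {
        throw new RuntimeException("Bad LDAP URI: $uri");
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($link, $dn, $password)) {
        $diag = '';
        ldap_get_option($link, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        throw new RuntimeException('LDAPS bind failed: ' . ldap_error($link) . ' ' . $diag);
    }
    return $link;
}

configureStrictTls(CA_CERT_FILE);
$link = connectVerified(LDAP_URI, BIND_DN, BIND_PASSWORD);
echo "Bound over LDAPS with the server certificate verified against the CA\n";
ldap_unbind($link);
```

If the PHP build does not expose the LDAP_OPT_X_TLS_* constants, the same result comes from the client's ldap.conf (the openldap.conf under C:\openldap\sysconf in the thread): keep TLS_CACERT pointing at the CA and change TLS_REQCERT never to TLS_REQCERT demand. The server's TLSVerifyClient never can stay as it is; it only governs whether slapd demands a certificate from the client, which is not what this thread is trying to achieve. Expect the bind to start failing if the name in the ldaps:// URI does not match the server certificate; that failure is the verification doing its job, and the fix is to reissue the server certificate for the name clients actually use, not to go back to never.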