Reputation: 42733
Trying to use SSL with LDAP authentication, I keep seeing connection attempts failing in the server log:
May 18 23:52:49 lemongrab slapd[5666]: conn=162733 fd=21 ACCEPT from IP=192.168.244.129:52174 (IP=0.0.0.0:636)
May 18 23:52:49 lemongrab slapd[5666]: conn=162733 fd=21 closed (TLS negotiation failure)
Works fine without SSL, and other applications are using SSL so I'm thinking it's a trust issue with the SSL certificate (which is signed by our internal CA.)
I'm using PHP 7, Laravel 5.2 and Adldap 2.
So, how do I specify a trusted CA cert for Adldap to use?
Upvotes: 1
Views: 1639
Reputation: 2869
To avoid the security risk, you should get the certificate used by your OpenLDAP server, copy it to the server running PHP, and reference it in the /etc/ldap/ldap.conf file using
TLS_CACERT /path/to/openldap/cacert.pem
Upvotes: 1
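The ldap.conf step from the answer above, written as a script; this is an added example, not code from the original answer. The function names are hypothetical, and the TLS_REQCERT check and the openssl chain test are additions that the answer does not mention.

```shell
#!/bin/sh
# Added example (not from the answer). Function names are hypothetical.

# weak_reqcert CONF: succeeds if CONF disables server-certificate checking.
weak_reqcert() {
    grep -Eiq '^[[:space:]]*TLS_REQCERT[[:space:]]+(never|allow)' "$1"
}

# set_tls_cacert CONF CA_FILE: make CONF carry exactly one TLS_CACERT line.
set_tls_cacert() {
    conf=$1
    ca=$2
    [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" ||
        { echo "not a PEM certificate: $ca" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        # Keep every directive except an older TLS_CACERT (TLS_CACERTDIR stays).
        grep -iv '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'TLS_CACERT %s\n' "$ca" >> "$tmp"
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    if weak_reqcert "$conf"; then
        echo "warning: TLS_REQCERT never/allow in $conf skips verification" >&2
    fi
    return 0
}

# verify_ldaps HOST CA_FILE: confirm the server on port 636 chains to CA_FILE.
verify_ldaps() {
    openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Usage: sh script.sh /etc/ldap/ldap.conf /path/to/openldap/cacert.pem [host]
if [ "$#" -ge 2 ]; then
    set_tls_cacert "$1" "$2" || exit 1
    if [ -n "${3:-}" ]; then
        verify_ldaps "$3" "$2" || { echo "chain check failed for $3" >&2; exit 1; }
    fi
fi
```

PHP's ldap extension reads ldap.conf through libldap, so restart PHP-FPM or the web server after changing the file.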