Koozali.org: home of the SME Server

Peer's Certificate issuer is not recognized

Offline HACKERSOFT2011

Peer's Certificate issuer is not recognized
« on: March 14, 2016, 10:08:09 AM »
Hi!

I'm on to configuring smeserver to enable ldap authentication via php but get stuck on ldaps not connecting.

ldap protocol worked fine though but I prefer the more secure ldaps

I just need some help on which files should I touch and what other commands should I trigger to add our active directory certificate as trusted ca in smeserver box.

Thanks in advance for your replies.


Offline janet

Re: Peer's Certificate issuer is not recognized
« Reply #1 on: March 14, 2016, 07:36:00 PM »
HACKERSOFT2011

I suggest you read the various & specific CA Cert certificate Howtos, click the Howto link at top of Forums.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline CharlieBrady

Re: Peer's Certificate issuer is not recognized
« Reply #2 on: March 14, 2016, 09:19:38 PM »
Quote
I'm on to configuring smeserver to enable ldap authentication via php ...

I don't know exactly what you mean by that. You seem to say you are writing some php code to re-configure smeserver with ldap authentication enabled. But that seems unlikely...

Quote
ldap protocol worked fine though but I prefer the more secure ldaps

OK. And I guess from the subject, somewhere you are seeing "Peer's Certificate issuer is not recognized". Presumably you have an ldaps client somewhere which doesn't like smeserver's self-signed certificate.

But then you mention AD, so perhaps you mean something else. Maybe you should explain in more detail.

Quote
I just need some help on which files should I touch and what other commands should I trigger to add our active directory certificate as trusted ca in smeserver box.

Why do you think that would help? You probably have to look through openssl and openldap documentation to work that stuff out.

Offline HACKERSOFT2011

Re: Peer's Certificate issuer is not recognized
« Reply #3 on: March 21, 2016, 10:24:45 AM »
Hi!

I got it sorted out by adding and converting the AD CA Certificate to an openldap readable format.

Copied the .pem file to /etc/openldap/certs/ and modified ldap.conf by adding TLS_CACERT /etc/openldap/certs/ad-certificate.pem

Restarted httpd, and voila, got it working!

I will now add it to the custom template file so it can survive a reconfiguration.

Thanks anyway for your replies!

« Last Edit: March 22, 2016, 03:03:35 AM by HACKERSOFT2011 »
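The steps from Reply #3, written up as an added shell example (not from the thread or the SME Server project): convert the exported AD CA certificate to PEM, which is what libldap reads, confirm the DC's certificate actually chains to it, and only then point TLS_CACERT at it. The paths are the ones the thread used; the openssl pre-check and the install_ad_ca wrapper are my additions, and as Reply #3 notes, on SME Server the lasting change belongs in the custom template, so treat the direct ldap.conf edit as the hand test.

```shell
#!/bin/sh
# Added example, not from the thread or SME Server: install an AD CA cert so that
# libldap (and PHP's ldap extension, which sits on top of it) can validate the
# LDAPS peer. libldap defaults to TLS_REQCERT demand; the right fix is to supply
# the CA, not to lower that setting.
set -eu

CERT_DIR=/etc/openldap/certs          # destination used in the thread
LDAP_CONF=/etc/openldap/ldap.conf     # file the thread edited

# Convert a CA certificate to PEM. AD usually exports DER (.cer); PEM passes through.
to_pem() {
  openssl x509 -inform DER -in "$1" -out "$2" 2>/dev/null ||
  openssl x509 -inform PEM -in "$1" -out "$2" 2>/dev/null ||
  { echo "not an X.509 certificate: $1" >&2; return 1; }
}

# Does a server certificate chain to the CA file? This is the check libldap
# performs under TLS_REQCERT demand; run it before touching ldap.conf.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Leave exactly one TLS_CACERT line in an ldap.conf-style file (created if absent).
set_cacert() {
  conf="$1"; pem="$2"; tmp="$conf.tmp"
  { [ -f "$conf" ] && grep -v '^TLS_CACERT ' "$conf" || true; } > "$tmp"
  printf 'TLS_CACERT %s\n' "$pem" >> "$tmp"
  mv "$tmp" "$conf"
  [ "$(grep -c '^TLS_CACERT ' "$conf")" -eq 1 ]
}

# Usage: install_ad_ca /path/to/exported-ad-ca.cer [dc-server-cert.pem]
# The optional server cert (e.g. saved from "openssl s_client -showcerts")
# lets you prove the chain before the change goes live.
install_ad_ca() {
  pem="$CERT_DIR/ad-certificate.pem"
  mkdir -p "$CERT_DIR"
  to_pem "$1" "$pem"
  if [ $# -gt 1 ] && ! chain_ok "$pem" "$2"; then
    echo "server certificate does not chain to $pem; not installing" >&2
    return 1
  fi
  set_cacert "$LDAP_CONF" "$pem"
  chmod 644 "$pem"
}
```

If the chain check fails, the AD CA you exported is not the one that issued the DC's certificate (often an intermediate or a renewed root), which is exactly the case that produces "Peer's Certificate issuer is not recognized".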