[ZendTo] Re: Anyone doing ZendTo on Solaris?

Sergio Rabellino rabellino at di.unito.it
Wed Jan 23 22:28:39 GMT 2013


AFAIK, PHP's ldaps is primarily built around openldap, so you need to 
put the CA cert in openldap's default directory.
Normally I compile the libraries myself, and even php, so this default 
can change in the CSW repository, but usually you can find/define that 
directory in the openldap.conf (probably under /etc/somewhere or 
/opt/somewhere, mine is under /opt/openldap/etc/openldap) and inside 
you can write:

TLS_CACERTDIR /every/path/you/want

and put there the CA certificates you want to check against. Remember 
to do the cert hash listing to make sure that the CA certs are found.

Hope this clarifies.

On 23/01/2013 21:33, John Thurston wrote:
> I have the application running but am unable to get ldaps working. It is
> failing to validate the certificate:
>> Warning: ldap_start_tls(): Unable to start TLS: Connect error in /opt/ZendTo/lib/NSSLDAPAuthenticator.php
> and
>> TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain).
> I'm running Solaris 10 and have used opencsw packages for:
>    CSWapache2
>    CSWap2-modphp5
>    CSWap2-modphp5
>    CSWphp5-sqlite
>    CSWphp5-ldap
>    CSWphp5-json
>    CSWphp5-pdosqlite
>    CSWphp5-openssl
>    CSWopenldap-client
>
> with openssl, I can validate the cert on the directory server:
>>   openssl s_client -connect ldap.foo.us:636 -CApath /opt/csw/ssl/certs
> but openssl will not validate the cert without the -CApath option. This
> makes me think that PHP is also ignorant of where to find the root
> certificates.
>
> I can't figure out how or where to tell PHP to look at this directory of
> hashed root certificates. Am I barking up the wrong tree? Can anyone
> give me a clue?
>

-- 
ing. Sergio Rabellino

Università degli Studi di Torino
Dipartimento di Informatica
ICT Services Coordinator
Tel +39-0116706701 Fax +39-011751603
C.so Svizzera , 185 - 10149 - Torino

<http://www.di.unito.it>
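
The "cert hash listing" step from the reply above, as an added example that is not part of the original message: OpenSSL looks up CAs in a TLS_CACERTDIR / -CApath directory by subject-hash file name, so every PEM file needs a `<hash>.N` link. The function names `rehash_cadir` and `missing_hashes` are hypothetical, and the sketch assumes one certificate per `*.pem` file.

```shell
#!/bin/sh
# Added example (not from the thread): build and audit the subject-hash
# links that OpenSSL needs in a TLS_CACERTDIR / -CApath directory.

# rehash_cadir DIR: recreate <subject-hash>.N symlinks for every *.pem in DIR.
rehash_cadir() {
    dir=$1
    # Remove stale hash symlinks so renamed or deleted CAs do not linger.
    for link in "$dir"/*.[0-9]; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -hash -noout -in "$pem") || continue
        # Two CAs can share a subject hash; take the first free suffix.
        n=0
        while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$pem")" "$dir/$hash.$n"
    done
}

# missing_hashes DIR: print every *.pem that no hash link resolves to.
# Empty output means each CA in DIR can be found by hash lookup.
missing_hashes() {
    dir=$1
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -hash -noout -in "$pem") || {
            echo "$pem (not a readable certificate)"
            continue
        }
        found=no
        for link in "$dir/$hash".[0-9]; do
            # The link must exist and resolve to this exact certificate.
            if [ -e "$link" ] && cmp -s "$link" "$pem"; then found=yes; fi
        done
        [ "$found" = yes ] || echo "$pem"
    done
}

# Usage (directory taken from the thread; use your own TLS_CACERTDIR):
#   rehash_cadir /opt/csw/ssl/certs
#   missing_hashes /opt/csw/ssl/certs
```

Run it with the openssl binary that matches the library the LDAP client is linked against: the subject hash algorithm changed between OpenSSL 0.9.8 and 1.0.0, so links built by one are not found by the other.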
