Project

General

Profile

LDAPS certificate issue

Added by Alex Smovzh over 3 years ago

Hello,

I want to configure LDAPS with proper SSL certificate check.
We use self-signed certificate with our own Root CA.

In documentation I can't find how to import or where to define public key certificate (*.pem) in Redmine.

In which configuration file public certificate can be pointed?
Or by what command it can be imported to Redmine?


Replies (2)

RE: LDAPS certificate issue - Added by Alex Smovzh over 3 years ago

Don't now if it is proper way
Added environment variables with certificate location in Apache site configuration file fix issue for me


SetEnv SSL_CERT_DIR /etc/ssl/certs
SetEnv SSL_CERT_FILE /etc/ssl/certs/certificate.pem

RE: LDAPS certificate issue - Added by Nick Van de Ven 6 months ago

In case anyone ever stumbles on this issue, here's how I resolved it today after many trial-and-error attempts with environment variables.

On CentOS 7, using redmine 4.1.2.stable. The CA Cert is from our own internal Root CA, running on windows using Active Directory Certificate Services.

Copy your CA Cert to /etc/pki/ca-trust/source/anchors/

sudo cp /your/path/to/your/ca-cert.cer /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

The update-ca-trust extract command will copy the certs in the anchors directory into the various system dirs used by applications like OpenSSL/Java and so on.
By doing this, OpenSSL will now be able to trust certs signed by that CA without any changes needed at runtime.
You can remove your custom CA by removing the file from the staging path listed above and then running the update-ca-trust extract command again.

Reboot your machine

After that the test for my LDAPS connection on port 636 ran succesfully and my users can login using LDAP over SSL instead of plain LDAP.

    (1-2/2)