Posted to users@httpd.apache.org by "John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)" <jb...@cisco.com> on 2015/04/15 01:49:48 UTC

[users@httpd] Apache ldaps certificate directive issue

Hello,

We're running Server version: Apache/2.0.63 that needs to be configured for LDAPS. I have run into an issue with the certificate directives.

I have a .pem file with the trusted ca-certs, but when I configure httpd.conf to use it with the directives "LDAPTrustedCA /local/.pem" and "LDAPTrustedCAType BASE64_FILE"
The following error occurs.

Syntax error on line 349 of /local/apache/conf/httpd.conf:
LDAPTrustedCA not allowed here

This is a directive for this Apache release, so I'm not sure why.

Thanks
-John


Re: [users@httpd] Apache ldaps certificate directive issue

Posted by Otis Dewitt - NOAA Affiliate <ot...@noaa.gov>.
LDAPTrustedCA Directive

Description: Sets the file containing the trusted Certificate Authority certificate or database
Syntax: LDAPTrustedCA directory-path/filename
Context: server config
Status: Experimental
Module: mod_ldap

It specifies the directory path and file name of the trusted CA mod_ldap
<http://shib.ametsoc.org/manual/mod/mod_ldap.html> should use when
establishing an SSL connection to an LDAP server. If using the
Netscape/iPlanet Directory SDK, the file name should be cert7.db.

LDAPTrustedCAType Directive

Description: Specifies the type of the Certificate Authority file
Syntax: LDAPTrustedCAType type
Context: server config
Status: Experimental
Module: mod_ldap

The following types are supported:
DER_FILE - file in binary DER format
BASE64_FILE - file in Base64 format
CERT7_DB_PATH - Netscape certificate database file

Note: Add here:
          vi  /etc/http/conf.d/ca.conf

On Tue, Apr 14, 2015 at 7:49 PM, John Beaulaurier -X (jbeaulau - ADVANCED
NETWORK INFORMATION INC at Cisco) <jb...@cisco.com> wrote:

> Hello,
>
> We’re running Server version: Apache/2.0.63 that needs to be configured
> for LDAPS. I have run into an issue with the certificate directives.
>
> I have a .pem file with the trusted ca-certs, but when I configure
> httpd.conf to use it with the directives “LDAPTrustedCA /local/.pem” and
> “LDAPTrustedCAType BASE64_FILE”
> The following error occurs.
>
> Syntax error on line 349 of /local/apache/conf/httpd.conf:
> LDAPTrustedCA not allowed here
>
> This is a directive for this Apache release, so I’m not sure why.
>
> Thanks
> -John
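
Added example (not part of the thread, and not code from the Apache project): the documentation excerpt in the reply lists the context of both directives as "server config", and httpd reports "not allowed here" when a directive appears in a context it does not permit. The sketch below scans configuration text and flags either directive when it sits inside a container such as <VirtualHost> or <Location>; the sample configuration, its paths and the USE_LDAPS define are constructed placeholders, and treating <IfModule>/<IfDefine> as not changing the context is an assumption stated in the code.

```python
import re

# Directives the excerpt in the reply documents as Context: server config.
SERVER_CONFIG_ONLY = {"ldaptrustedca", "ldaptrustedcatype"}
# <IfModule>/<IfDefine> only gate on a condition; they do not change the context.
TRANSPARENT = {"ifmodule", "ifdefine"}

OPEN_RE = re.compile(r"^<\s*([A-Za-z]\w*)\b[^>]*>$")
CLOSE_RE = re.compile(r"^</\s*[A-Za-z]\w*\s*>$")

def find_misplaced(conf_text):
    """Return (line_no, directive, enclosing_section) for every server-config-only
    directive that sits inside a context-changing container."""
    stack, findings = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE_RE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN_RE.match(line)
        if opened:
            stack.append(opened.group(1).lower())
            continue
        directive = line.split(None, 1)[0]
        enclosing = [s for s in stack if s not in TRANSPARENT]
        if directive.lower() in SERVER_CONFIG_ONLY and enclosing:
            findings.append((line_no, directive, enclosing[-1]))
    return findings

# Constructed sample configuration (paths and the USE_LDAPS define are placeholders).
SAMPLE_CONF = """\
# global server config: both directives are accepted here
LDAPTrustedCAType BASE64_FILE
<IfDefine USE_LDAPS>
    LDAPTrustedCA /path/to/ca-bundle.pem
</IfDefine>
<VirtualHost *:80>
    <Location /private>
        LDAPTrustedCA /path/to/ca-bundle.pem
    </Location>
    LDAPTrustedCAType BASE64_FILE
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, directive, section in find_misplaced(SAMPLE_CONF):
        print(f"line {line_no}: {directive} inside <{section}> (server config only)")
```

The scan does not follow Include files or backslash line continuations, so a clean result covers only the text it was given.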