You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Jan Tomášek (JIRA)" <ji...@apache.org> on 2019/04/18 16:00:00 UTC

[jira] [Created] (DIRSTUDIO-1223) Explicit CA used for LDAPS connection verification

Jan Tomášek created DIRSTUDIO-1223:
--------------------------------------

             Summary: Explicit CA used for LDAPS connection verification
                 Key: DIRSTUDIO-1223
                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1223
             Project: Directory Studio
          Issue Type: Wish
            Reporter: Jan Tomášek
         Attachments: ApacheStudioTrust.png

By default ApacheDirectoryStudio trust to any valid certificate I guess? My settings are empty:



 



 

It would be security improvement if there will be possibility to specify explicit CA or even better intermediate CA which only is allowed for specific LDAP server.

We are running LDAP servers equipped with EV certificates but ApacheDirectoryStudio connect to them even when I change certificates to Let's Encrypt. I'm afraid that attacker who will be able to steal IP will be able to issue Let's Encrypt



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)