...
After adding the certificate, restart httpd:
Tip |
---|
service httpd restart |
You can verify that the certificate is properly installed using this command:
Tip |
---|
openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt -connect your.ldap.server.here:636 |
If you see "Verify return code: 0 (ok)" at the end of the output, the certificate is installed correctly. If you see a different return code, verification failed and you'll need to troubleshoot the problem.
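The same check in scripted form, added here as an example (it is not part of the original VCL documentation). The function names `verify_result` and `check_ldaps_cert` are hypothetical; the CA bundle path and port 636 are the ones used on this page.

```shell
#!/bin/sh
# Added example: scripted version of the manual s_client check.
# Function names are hypothetical; paths and port come from the page.

# Read `openssl s_client` output on stdin and print the verify result,
# e.g. "0 (ok)" or "21 (unable to verify the first certificate)".
# Exit status: 0 = verified, 1 = verification failed,
#              2 = no verify line at all (connection or handshake failed).
verify_result() {
    # s_client may print the line more than once (indented inside the
    # SSL-Session block, repeated per session ticket); keep the first.
    result=$(sed -n 's/^[[:space:]]*Verify return code:[[:space:]]*//p' | head -n 1)
    if [ -z "$result" ]; then
        echo "no verify result (connection or handshake failed)"
        return 2
    fi
    echo "$result"
    case "$result" in
        "0 (ok)"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Run the page's s_client command against an LDAP server and report
# the result. This checks the certificate chain against the CA file
# only, exactly as the manual command does.
# Usage: check_ldaps_cert your.ldap.server.here [ca-bundle-path]
check_ldaps_cert() {
    host=$1
    cafile=${2:-/etc/pki/tls/certs/ca-bundle.crt}
    # </dev/null makes s_client exit after the handshake instead of
    # waiting for input on the terminal.
    openssl s_client -showcerts -CAfile "$cafile" \
        -connect "$host:636" </dev/null 2>&1 | verify_result
}
```

The exit status of `check_ldaps_cert` is that of `verify_result`, so it can be used directly in an `if` or in a monitoring check.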
You may need to add a line to /etc/openldap/ldap.conf to point to the ca-bundle.crt file. If so, add the following:
No Format |
---|
TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt |
You will need to manually add an entry to the affiliation table in the VCL database. Choose a name for the affiliation. This name will be appended to all userids for the affiliation to distinguish them from other affiliations you may configure later. Initials or a short name of your organization are a good idea. The affiliation name cannot contain spaces. Use the following commands to add the affiliation, replacing 'EXAMPLE' with the name you chose. Take note of the id returned by the second SQL statement, as you will need it later. It is the numerical id for this affiliation.
Tip |
---|
mysql vcl |
Tip |
---|
INSERT INTO affiliation (name) VALUES ('EXAMPLE'); |
Tip |
---|
SELECT id FROM affiliation WHERE name = 'EXAMPLE'; |
Tip |
---|
exit |
...