Project

General

Profile

Actions

Bug #6954

closed

ldapweb.cgi should use standard CA file

Added by ben leinfelder almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
01/28/2016
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

When Nick updated the ldap.ecoinformatics.org SSL certificate to use Let's Encrypt instead of GoDaddy, the Perl script for managing accounts could not establish a TLS connection with the LDAP server. I switched to script to use the standard ca-certificates.crt file (includes all standard CAs shipped with Ubuntu) and the connection was successful. I think we should try to use the standard CA certificate file whenever possible. The current default for Metacat is this old GoDaddy CA so on any Metacat upgrades will we need to remember to switch to the standard CA file unless we change the default configuration.

Current Metacat property default value:
ldap.server.ca.certificate=WEB-INF/gd_intermediate_bundle_nceas_ldap.crt

Actions

Also available in: Atom PDF