Actions
Bug #6954
closedldapweb.cgi should use standard CA file
Start date:
01/28/2016
Due date:
% Done:
0%
Estimated time:
Bugzilla-Id:
Description
When Nick updated the ldap.ecoinformatics.org SSL certificate to use Let's Encrypt instead of GoDaddy, the Perl script for managing accounts could not establish a TLS connection with the LDAP server. I switched to script to use the standard ca-certificates.crt file (includes all standard CAs shipped with Ubuntu) and the connection was successful. I think we should try to use the standard CA certificate file whenever possible. The current default for Metacat is this old GoDaddy CA so on any Metacat upgrades will we need to remember to switch to the standard CA file unless we change the default configuration.
Current Metacat property default value:
ldap.server.ca.certificate=WEB-INF/gd_intermediate_bundle_nceas_ldap.crt
Actions