Changes

From SME Server
Jump to navigationJump to search

Client Authentication:Ubuntu via sssd/ldap (view source)

Revision as of 01:14, 11 May 2016

271 bytes added ,  01:14, 11 May 2016
m
→‎Managing the CA on SME
Line 45: Line 45:     
===Managing the CA on SME===
 
===Managing the CA on SME===
after having installed PHPki, go to https://www.domain.tld/phpki and download the certificate of authority (ca-certificates.crt) to the client machine .
+
==PHPKi==
 +
 
 +
After having installed PHPki, go to https://www.domain.tld/phpki and download the certificate of authority (ca-certificates.crt) to the client machine.
    
Place a copy of it or of another CA into /etc/ssl/certs/ and give the 644 permissions:
 
Place a copy of it or of another CA into /etc/ssl/certs/ and give the 644 permissions:
 
  cp ~/Downloads/ca-certificates.crt /etc/ssl/certs/
 
  cp ~/Downloads/ca-certificates.crt /etc/ssl/certs/
 
  chmod 644 /etc/ssl/certs/ca-certificates.crt
 
  chmod 644 /etc/ssl/certs/ca-certificates.crt
 +
 +
==Letsencrypt==
 +
 +
If you use Letsencypt for your certificates then your client machine should already have the ca-certificate for letsencrypt installed
 +
 +
You should be able to set the following in sssd.conf
 +
 +
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
    
===Configure SSSD===
 
===Configure SSSD===
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/31280"

Navigation menu