LDAP: couldn't connect to LDAP server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
opennic:tls [2021-03-01T08:55:14Z]
deep42thought [How to get started] new
opennic:tls [2021-08-08T18:51:47Z] (current)
marek Correct Debian Path
Line 14: Line 14:
 The acme server runs on a domain which must be validated by the same root certificate which is used for other opennic domains. The acme server runs on a domain which must be validated by the same root certificate which is used for other opennic domains.
 Thus, one must download the root certificate (and ignore the certificate error on the https connection) and install it as a trusted root certificate. Thus, one must download the root certificate (and ignore the certificate error on the https connection) and install it as a trusted root certificate.
 +If you like to avoid possible MITM attacks on the download, you can verify the [[https://eckner.net/certs/sha512sums|sha512sum]] of the certificate, too (this file also contains checksums for older and for an unrelated ca). On arch linux, one would run:
 <code> <code>
-curl --insecure -o /usr/share/ca-certificates/trust-source/anchors/opennic_root_ca.crt https://playground.acme.libre/opennic_root_ca.crt+cd /usr/share/ca-certificates/trust-source/anchors 
 +curl --insecure -o opennic_root_ca.crt https://playground.acme.libre/opennic_root_ca.crt 
 +curl https://eckner.net/certs/sha512sums | sed 's/  \S\+\(opennic_root_ca\.crt\)$/  \1/;t;d' | sha512sum -c
 trust extract-compat trust extract-compat
 +</code>
 +On debian, the commands are rather:
 +<code>
 +cd /usr/local/share/ca-certificates/trust-source/anchors
 +curl --insecure -o opennic_root_ca.crt https://playground.acme.libre/opennic_root_ca.crt
 +curl https://eckner.net/certs/sha512sums | sed 's/  \S\+\(opennic_root_ca\.crt\)$/  \1/;t;d' | sha512sum -c
 +update-ca-certificates
 </code> </code>
 Check, that the certificate was installed correctly: Check, that the certificate was installed correctly:
  • /wiki/data/attic/opennic/tls.1614588914.txt.gz
  • Last modified: 8 months ago
  • by deep42thought