[SAC] [OSGeo] #2295: Replace ldaps STAR cert with letsencrypt or single cert

OSGeo trac_osgeo at osgeo.org
Sun Apr 28 10:34:11 PDT 2019


#2295: Replace ldaps STAR cert with letsencrypt or single cert
---------------------------+---------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  task           |      Status:  new
 Priority:  blocker        |   Milestone:  Sysadmin Contract 2019-I
Component:  Systems Admin  |  Resolution:
 Keywords:                 |
---------------------------+---------------------------------------

Comment (by robe):

 Tested on funtoo.osgeo.org and that one works too.

 I tried on winnie.postgis.net and it worked with ldap.osgeo.org and not
 ldap2.osgeo.org.

 If I edit /etc/ldap/ldap.conf, taking out the old star cert and replacing
 it with the packaged certificate bundle, then it works on her too.


 {{{
 #TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle  #this file you need to copy from osgeo6 as well
 TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
 }}}


 I guess with the newer servers I had set up, I never bothered changing
 the default TLS_CACERT since it seemed to work without the change, so that
 might be why all the newer ones I set up work.

 I just tried on old-adhoc and it works too if I change the TLS_CACERT entry.
 There is a similar change I think I possibly need to make in the nss files
 for login; I will test that next.

-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2295#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
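
An added example, not part of the original ticket comment or any OSGeo tooling: a shell function that reports, for each active TLS_CACERT line in an ldap.conf-style file, whether it points at the packaged bundle or at some other file such as the old STAR bundle. The function name, the status words and the choice to treat an unset directive as needing attention are assumptions of this example; the default bundle path is the one from the comment above.

```shell
#!/bin/sh
# audit_tls_cacert CONF [EXPECTED_BUNDLE]
# Prints "<status> <path>" for every active TLS_CACERT directive in CONF:
#   SYSTEM   points at the expected (packaged) CA bundle
#   CUSTOM   points at some other readable file, e.g. a leftover STAR bundle
#   MISSING  points at a file that does not exist or cannot be read
#   UNSET    no active TLS_CACERT directive at all
# Returns 0 only when every directive is SYSTEM.
# Limitation of this example: paths containing whitespace are not handled.
audit_tls_cacert() {
    conf=$1
    want=${2:-/etc/ssl/certs/ca-certificates.crt}
    rc=0
    # Lines starting with '#' never match because $1 is then "#TLS_CACERT".
    # ldap.conf option names are case-insensitive, hence toupper().
    paths=$(awk 'toupper($1) == "TLS_CACERT" { print $2 }' "$conf")
    if [ -z "$paths" ]; then
        echo "UNSET -"
        return 1
    fi
    for p in $paths; do
        if [ ! -r "$p" ]; then
            echo "MISSING $p"; rc=1
        elif [ "$p" != "$want" ]; then
            echo "CUSTOM $p"; rc=1
        else
            echo "SYSTEM $p"
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh /etc/ldap/ldap.conf
if [ $# -gt 0 ]; then
    audit_tls_cacert "$@"
fi
```

A CUSTOM or MISSING result marks a host whose LDAP client still trusts a hand-copied bundle and is the kind that needed the edit described in the comment.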

