LDAPS => how to deploy the CA?

nicedevil

Good evening guys,

I went through the documentation for the first installation of PMG 7.1 and I'm not able to deploy LDAPS because of the untrusted domain.
That makes sense because I can't find how to add the CA cert to the trusted certs of the PMG.

Can anyone help me out with this?
 
Hi,

By default, it checks all CAs in /etc/ssl/certs/, so if you import it so that the system recognizes it as trusted, it'd already work.

Alternatively, you can configure a specific CA file for an LDAP realm. Currently that's not possible to configure via the web interface directly, but you can either edit /etc/pmg/ldap.conf and add a cafile /path/to/ca option, or use the pmgsh helper and execute something like: pmgsh set /config/ldap/REALMID/config --cafile /path/to/ca (replace REALMID with the respective one).
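
The two options from the reply above, as an added example that is not part of the original thread or of the Proxmox documentation. It assumes the Debian trust-store tooling (update-ca-certificates) that PMG's base system ships; the function names, host name, realm ID and file paths are placeholders.

```bash
# Added example: sanity-check a CA file, then trust it system-wide or per realm.

# Refuse anything that is not a readable, unexpired PEM CA certificate.
check_ca_file() {
    local ca="$1"
    [ -r "$ca" ] || { echo "cannot read $ca" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" \
        || { echo "$ca is not PEM encoded" >&2; return 1; }
    # A leaf certificate lacks basicConstraints CA:TRUE and must not be trusted as a CA.
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' \
        || { echo "$ca is not a CA certificate" >&2; return 1; }
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$ca" -noout -checkend 0 >/dev/null \
        || { echo "$ca has expired" >&2; return 1; }
}

# Option 1: system-wide trust, so the CA ends up in /etc/ssl/certs/.
# Debian only picks up files ending in .crt from this directory.
install_system_wide() {
    local ca="$1" name="$2"
    check_ca_file "$ca" || return 1
    install -m 0644 "$ca" "/usr/local/share/ca-certificates/${name}.crt"
    update-ca-certificates
}

# Option 2: trust the CA for one LDAP realm only (command from the reply above).
set_realm_cafile() {
    local ca="$1" realm="$2"
    check_ca_file "$ca" || return 1
    pmgsh set "/config/ldap/${realm}/config" --cafile "$ca"
}

# Check that the LDAP server's chain and host name verify against this CA alone.
verify_ldaps() {
    local host="$1" ca="$2"
    openssl s_client -connect "${host}:636" -verify_hostname "$host" \
        -CAfile "$ca" -no-CApath -verify_return_error </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Usage (placeholders):
#   install_system_wide /root/corp-ca.pem corp-ca   # or:
#   set_realm_cafile /etc/pmg/corp-ca.pem REALMID
#   verify_ldaps dc01.example.internal /root/corp-ca.pem && echo "LDAPS chain OK"
```

Scoping the CA to the realm (option 2) keeps it out of the system store, so it is not trusted for any other TLS connection the host makes.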