Skip to main content
Version: 7.0

Windows Server

PHP on Windows uses its own certificate store. If Passwork is installed on a Windows Server, the PHP module responsible for LDAP does not accept the LDAP server certificate, even if it is added to the Windows trusted certificate store.

For PHP to accept the certificate, it is necessary to:

  1. Create a folder named openldap at the root of the system drive.
  2. Inside the openldap folder, create a folder named sysconf.
  3. Inside the sysconf folder, create a file named ldap.conf with the following content:
TLS_CACERT C:\openldap\sysconf\ldap_example.cer

TLS_REQCERT demand

TLS_CACERT — path to the certificate.

danger

Please note:

  • The certificate with the .cer extension must include both the root and all intermediate certificates for proper connection to the LDAPS server;
  • The certificate must be in base64 format. Opening the certificate file with Notepad will display the certificate hash.
Example of file names with locations