You are not logged in.
Pages: 1
We're using 1 general GLPI server and multiple OCS servers.
We made the GLPI server the CA authority and generated certificates for all the OCS servers.
Is it possible to force GLPI to use SSL to sync with OCS servers?
Building up an secure MySQLconnection with the OCS servers works already.
(GLPI is installed on a debian 5.0 server, the OCS servers are debian 4.0)
Offline
I don't understand your question. The GLPI server juste communicate whith the mysql server who contains the ocs DB.
JMD / Jean-Mathieu Doléans - Glpi-project.org - Association Indepnet
Apportez votre pierre au projet GLPI : Soutenir
Offline
I don't understand your question. The GLPI server juste communicate whith the mysql server who contains the ocs DB.
First of all, sorry for the late response.
The connection between GLPI and OCS is a direct MySQL connection. But this connection is unencrypted. As the data is transfered over the web we'd like it to be encrypted. We could set up an VPN or something like that, but we use allot of OCS servers so that ain't practical.
Using a shell it will be something like this:
mysql --ssl --ssl-ca /<....>/cacert.pem -u <user> -p<pass> -h <target ip> <databasename>
This way an encrypted SSL connection is made.
By add the following text to /etc/mysql/my.cnf:
[mysql]
ssl
ssl-ca /<....>/cacert.pem
All connections will be auto encrypted.
In PHP you can do something similar:
With mysql there is: mysqli::ssl_set ( string $key , string $cert , string $ca , string $capath , string $cipher )
with mysql you've got the "MYSQL_CLIENT_SSL" parameter.
However, the GLPI db connect function doesn't have these parameters (and even if I edit the source code I can't get it to work, I can't event successfully use php the make a SSL MySQL connection)
Do you know any way to configure mysql / php to always use a SSL connection? (And preferably leave GLPIuntouched)
Edit: We solved the problem by editing and recompiling the php code. Now every php code will use SSL. For us this is no problem as this server is dedicated for GLPI.
Last edited by concept (2010-04-09 12:46:52)
Offline
Pages: 1