I have a couple of apache web server installations that have been unable to connect to an Active Directory server after its certificate was renewed. The two installations I attempted to use were versions 2.0.59 and 2.2.8 both installed on Windows (Win2003 Server and WinXPSP2, respectively). Prior to the certificate renewal, the 2.0.59 installation worked without issue. Since I don't control the AD server, I am not certain of the exact procedure used to renew the certificate. I was told that the procedure used was Microsoft's recommended procedure. I also know that both the server certificate and the root certificate had to be renewed. Finally, WebSphere Application Server running on an iSeries machine and a WinXP machine was able to use the new certificate to establish a secure connection. (Hence, the comment that the certificate was apparently valid.)
I tried turning on debug logs in Apache but found nothing that indicated the reason the certificate was being rejected. The regular error logs merely said that the LDAP server was down or unavailable depending on which Apache installation. Wireshark logs indicated that the client was killing the connection immediately after the server sent its certificate. I went through that certificate and it appeared to match perfectly with the certificate I saved from the AD server. Later, I attempted to connect using a version 2.2.4 installation on an Ubuntu 7.10 box. The Wireshark logs there indicated that it was the server that was killing the connection. The owners of the AD server finally reissued the root certificate and the original Apache configurations worked without a problem. At this point, we have something working but we would very much like to know what happened and why. Can anyone shed some light on this? Thank you for your time, Paul Scheible --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
