Hi,

I did run some openssl commands and here is what I saw.

# openssl s_client -connect <ldap server ip>:636

verify error:num=20:unable to get local issuer certificate
verify return:1

verify error:num=21:unable to verify the first certificate
verify return:1

No client certificate CA names sent
---
SSL handshake has read 1162 bytes and written 450 bytes
---
Verify return code: 21 (unable to verify the first certificate)


I got the same thing when I ran the command on the local ldap server too.

Are the certificates not OK? If this is so, how am I able to run ldapsearch
with "ldaps" url on my local client?

*THE CERTIFICATES ARE SELF SIGNED ONES. ARE THEY CREATING ISSUES FOR APACHE?*

*When I had a look at the ethereal traces, I found some checksum error in
Server Hello, certificate, server hello done, change cipher spec, Encrypted
handshake message and Encrypted Alert message during TLS handshake. Is that
a concern too?*

Please comment.

Regards
Asimananda


On Mon, Sep 21, 2009 at 6:12 PM, Peter Schober
<peter.scho...@univie.ac.at> wrote:

> * Asimananda Mohanty <asimananda.moha...@gmail.com> [2009-09-21 14:37]:
> > Should I assume that the certificate presented to apache is not the correct
> > one?
> > But the same certificate works fine when I use it on my ldap server where
> > the ldap client is also installed.
>
> Get the ldap command line client to work on the same machine that
> httpd is running on, that would be more relevant.
> Probably setting things up in /etc/openldap/ldap.conf (or wherever
> openldap client libs are looking, see `man ldap.conf`) will suffice.
> -peter
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
