Hi All, Finally, I am able to solve the issue. I just replaced the IP address used in AuthLDAPUrl with the hostname that has been used during creating the certificate (CN) and that worked for me.
Thank you very much for all the support. Regards Asimananda On Tue, Sep 22, 2009 at 12:23 PM, Asimananda Mohanty < asimananda.moha...@gmail.com> wrote: > Hi, > > I did run some openssl commands and here is what I saw. > > # openssl s_client -connect <ldap server ip>:636 > > verify error:num=20:unable to get local issuer certificate > verify return:1 > > verify error:num=21:unable to verify the first certificate > verify return:1 > > No client certificate CA names sent > --- > SSL handshake has read 1162 bytes and written 450 bytes > --- > Verify return code: 21 (unable to verify the first certificate) > > > The same thing I got when I ran the command on local ldap server too. > > Are the certificates not OK? If this is so, how am I able to run ldapsearch > with "ldaps" url on my local client? > > *THE CERTIFICATES ARE SELF SIGNED ONES. ARE THEY CREATING ISSUES FOR > APACHE?* > > *When I had a look at the ethereal traces, I found some checksum error in > Server Hello, certificate, server hello done, change cipher spec, Encrypted > handshake message and Encrypted Alert message during TLS handshake. Is that > a concern too?* > > Please comment. > > Regards > Asimananda > > > On Mon, Sep 21, 2009 at 6:12 PM, Peter Schober <peter.scho...@univie.ac.at > > wrote: > >> * Asimananda Mohanty <asimananda.moha...@gmail.com> [2009-09-21 14:37]: >> > Should I assume that the certificate presented to apache is not the >> correct >> > one? >> > But the same certificate works fine when I use it on my ldap server >> where >> > the ldap client is also installed. >> >> Get the ldap command line client to work on the same machine that >> httpd is running on, that would be more relevant. >> Probably settings things up in /etc/openldap/ldap.conf (or wherever >> openldap client libs are looking, see `man ldap.conf`) will suffice. >> -peter >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >
