Dmitriy,

No apparent problem with the certificate:

openssl s_client -connect ldap2.itcs.northwestern.edu:636 -verify 10 -CAfile verisign-bundleca.crt -showcerts </dev/null

Server certificate
subject=/C=US/ST=Illinois/L=Evanston/O=Northwestern University/OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=ldap2.itcs.northwestern.edu
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
Acceptable client certificate CA names
/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA
/C=US/ST=Illinois/L=Evanston/O=Northwestern University/OU=Information Technology/CN=nuca/emailAddress=x-dong@xxxxxxxxxxxxxxxx
---
SSL handshake has read 3488 bytes and written 336 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : RC4-MD5
    Session-ID: 59EE2F15D822D011F814C692B6E9E28F119A38EDCB00C0D6C2DDE6D13B9F3425
    Session-ID-ctx:
    Master-Key: D481102C39A134394D2D3162EF732DC2EC6756F8D7C95BF66D25C7EDA3F05A29039E2449321BBE33B65A35DF3A3FB14A
    Key-Arg : None
    Start Time: 1129306856
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

Craig

> On Mon, Oct 17, 2005 at 11:26:51AM -0500, Craig R. Bina wrote:
> > as described on the http://www.freebsd.org/cgi/query-pr.cgi?pr=86416
> > bug report. Instead, I see a successful:
> >
> > [notice] LDAP: Built with OpenLDAP LDAP SDK
> > [notice] LDAP: SSL support available
> >
> > and I am already using this declaration:
> >
> > LDAPTrustedCAType BASE64_FILE
>
> Check your ldap-server certificate:
> openssl verify -CAfile cacert.pem your_cert.crt
>
> Check CN in certificate and DNS name of ldap server.
>
> By.
> Dmitriy

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.