Hi,

I did run some openssl commands and here is what I saw.

# openssl s_client -connect <ldap server ip>:636
verify error:num=20:unable to get local issuer certificate
verify return:1
verify error:num=21:unable to verify the first certificate
verify return:1
No client certificate CA names sent
---
SSL handshake has read 1162 bytes and written 450 bytes
---
Verify return code: 21 (unable to verify the first certificate)

The same thing I got when I ran the command on local ldap server too.

Are the certificates not OK? If this is so, how am I able to run ldapsearch with "ldaps" url on my local client?

THE CERTIFICATES ARE SELF SIGNED ONES. ARE THEY CREATING ISSUES FOR APACHE?

When I had a look at the ethereal traces, I found some checksum error in Server Hello, certificate, server hello done, change cipher spec, Encrypted handshake message and Encrypted Alert message during TLS handshake. Is that a concern too?

Please comment.

Regards
Asimananda

On Mon, Sep 21, 2009 at 6:12 PM, Peter Schober <peter.schober@xxxxxxxxxxxx> wrote:
* Asimananda Mohanty <asimananda.mohanty@xxxxxxxxx> [2009-09-21 14:37]:
> Should I assume that the certificate presented to apache is not the correct
> one?
> But the same certificate works fine when I use it on my ldap server where
> the ldap client is also installed.

Get the ldap command line client to work on the same machine that
httpd is running on, that would be more relevant.
Probably setting things up in /etc/openldap/ldap.conf (or wherever
openldap client libs are looking, see `man ldap.conf`) will suffice.
-peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
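The verify codes quoted in the thread can be reproduced offline. This is an added example, not part of the original messages: it builds a throwaway CA and server certificate (the names "Demo LDAP CA" and "ldap.example.test" are constructed) and checks them with `openssl verify` instead of a live `s_client` connection, with and without the issuing CA supplied as a trust anchor.

```shell
#!/bin/sh
# Added example. The CA and host names below are constructed for the demo.
make_demo_pki() {   # $1 = output directory
    # Self-signed CA certificate: the trust anchor a client has to be given
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    # Server key and CSR, then a server certificate signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Print the first verify error number for a certificate, or "ok" if it validates.
# $1 = certificate to check, $2 = optional PEM file of trusted CA certificates
verify_result() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    if printf '%s\n' "$out" | grep -q ': OK$'; then
        echo ok
    else
        printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || return 1
    # Issuer unknown to the verifier: error 20 (unable to get local issuer certificate)
    echo "server cert, no CA file:   $(verify_result "$dir/server.pem")"
    # Same certificate once the issuing CA is supplied as a trust anchor
    echo "server cert, with CA file: $(verify_result "$dir/server.pem" "$dir/ca.pem")"
    # A certificate that is its own issuer and is not trusted: error 18
    echo "CA cert alone, untrusted:  $(verify_result "$dir/ca.pem")"
    rm -rf "$dir"
}
demo
```

The CA file passed to `-CAfile` here is the same kind of file that `TLS_CACERT` in ldap.conf names for the OpenLDAP client libraries, and `openssl s_client` accepts `-CAfile` in the same way.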