httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] mod_authnz_ldap and SSL
Date Wed, 17 Oct 2007 17:01:07 GMT
On 10/17/07, Alexander Fortin <alieno@it.net.au> wrote:
>
> <IfModule util_ldap.c>
>          LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/cacert.pem
>          LDAPTrustedMode SSL
>          LDAPVerifyServerCert off
> </IfModule>

Wireshark will format the initial stages of the handshake pretty
nicely, you might see something fishy or a plaintext SSL Alert.

Can openssl handshake w/ the ldap server?  Is its cert  issued by that
cacert.pem?  Can openssl validate the cert chain when you give it that
same cacert.pem?


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message