Outgoing SSL problem

Jari Majander jari.majander at gmail.com
Wed Jul 12 13:35:41 CEST 2006


On 7/11/06, Jason Stelzer <cynic at elitistbastard.com> wrote:
> Depending on operating system you'll need to figure out where your
> list of trusted certs is kept and append the PEM format of your CA to
> it.

That's exactly what my question is about. I'm using Apache 2 on Ubuntu
and Red Hat. I assumed PHP relies on Apache 2 for management of
trusted peers (does it?). In mods-available/ssl.conf I have the following
directive

   SSLCACertificateFile  /etc/apache2/ssl/cacerts.pem

This directive is visible also via symbolic link from mods-enabled.
However, appending the OpenLDAP server's self-signed certificate
in PEM format in cacerts.pem didn't work, whereas openssl s_client
with the same cert file works just fine.

If I tethereal port 636 in my OpenLDAP server, then TLS handshaking
looks fine as far as I can tell... I need more time to investigate the matter.
Anyway, thanks for your replies.

-- jari
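
An added example, not part of the original message: Apache's `SSLCACertificateFile` is a mod_ssl directive for verifying client certificates presented to Apache, and it has no effect on outbound LDAPS connections made from PHP. Assuming the PHP LDAP extension is built against OpenLDAP's libldap, the trust anchors come from the client `ldap.conf` (usually `/etc/ldap/ldap.conf` on Ubuntu, `/etc/openldap/ldap.conf` on Red Hat). The sketch below audits such a file; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit an OpenLDAP client config for the TLS trust settings libldap will use.

# ldap_opt FILE KEY: print the last value set for KEY (option names are
# case-insensitive in ldap.conf). Values containing spaces are not handled.
ldap_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        toupper($1) == toupper(key) { val = $2 }   # remember last assignment
        END { if (val != "") print val }
    ' "$1"
}

# audit_ldap_trust FILE: print one finding; return 0 only when certificate
# verification is on and TLS_CACERT names a readable PEM bundle.
audit_ldap_trust() {
    conf=$1
    [ -r "$conf" ] || { echo "missing-config"; return 2; }
    req=$(ldap_opt "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case $req in
        never|allow) echo "verification-disabled"; return 1 ;;
    esac
    ca=$(ldap_opt "$conf" TLS_CACERT)
    [ -n "$ca" ] || { echo "no-ca-configured"; return 1; }
    [ -r "$ca" ] || { echo "ca-file-unreadable"; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" \
        || { echo "ca-file-not-pem"; return 1; }
    echo "ok"
}

# make_sample DIR: write a constructed ldap.conf and placeholder CA bundle.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        '(constructed placeholder, not a real certificate)' \
        '-----END CERTIFICATE-----' > "$1/cacerts.pem"
    printf '# constructed sample\nURI ldaps://ldap.example.org\nTLS_CACERT %s/cacerts.pem\nTLS_REQCERT demand\n' \
        "$1" > "$1/ldap.conf"
}
```

Run `audit_ldap_trust /etc/ldap/ldap.conf` (or the Red Hat path) as the user the web server runs as, since file readability is part of the check.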



