On 7/11/06, Jason Stelzer cynic@elitistbastard.com wrote:
> Depending on the operating system, you'll need to figure out where your list of trusted certs is kept and append the PEM format of your CA to it.
That's exactly what my question is about. I'm using Apache 2 on Ubuntu and Red Hat. I assumed PHP relies on Apache 2 for management of trusted peers (does it?). In mods-available/ssl.conf I have the following directive:
    SSLCACertificateFile /etc/apache2/ssl/cacerts.pem
This directive is also visible via a symbolic link from mods-enabled. However, appending the OpenLDAP server's self-signed certificate in PEM format to cacerts.pem didn't work, whereas openssl s_client with the same cert file works just fine.
If I run tethereal on port 636 on my OpenLDAP server, the TLS handshake looks fine as far as I can tell... I need more time to investigate the matter. Anyway, thanks for your replies.
-- jari
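
An added example, not part of the original message: a Python check that compares certificates by SHA-256 fingerprint to see whether a CA has actually reached the bundle a given client reads. It assumes PHP's LDAP extension is built on OpenLDAP's libldap, which takes its trusted CAs from TLS_CACERT in ldap.conf rather than from mod_ssl's SSLCACertificateFile; the ldap.conf text, the second bundle path and the PEM blocks are constructed samples, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of the decoded bytes of every certificate in a PEM bundle."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]


def ldap_conf_cacert(conf_text):
    """Path given by the first TLS_CACERT line in ldap.conf-style text, else None."""
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        # ldap.conf option names are case-insensitive; '#' starts a comment line.
        if len(parts) == 2 and parts[0].upper() == "TLS_CACERT":
            return parts[1].strip()
    return None


def ca_in_bundle(ca_pem, bundle_pem):
    """True when every certificate in ca_pem is also present in bundle_pem."""
    wanted = pem_fingerprints(ca_pem)
    return bool(wanted) and set(wanted) <= set(pem_fingerprints(bundle_pem))


def fake_pem(label):
    """Constructed stand-in: PEM framing around placeholder bytes, not a real cert."""
    body = base64.b64encode(label).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample data (assumed paths and contents).
LDAP_CA = fake_pem(b"constructed openldap self-signed cert")
FILES = {
    "/etc/apache2/ssl/cacerts.pem": fake_pem(b"constructed public CA") + LDAP_CA,
    "/etc/ssl/certs/ca-certificates.crt": fake_pem(b"constructed public CA"),
}
LDAP_CONF = ("# constructed ldap.conf\nBASE dc=example,dc=com\n"
             "tls_cacert /etc/ssl/certs/ca-certificates.crt\n")


def report():
    """Map each bundle path to whether it contains the LDAP server's CA."""
    return {path: ca_in_bundle(LDAP_CA, pem) for path, pem in FILES.items()}


if __name__ == "__main__":
    print("libldap reads:", ldap_conf_cacert(LDAP_CONF))
    for path, ok in report().items():
        print(path, "contains LDAP CA:", ok)
```

On a real host, read the actual ldap.conf and bundle files into these functions instead of the constructed strings.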