Okay, I think I've found the spot in ssl.conf but when I point the commands at /usr/local/apache2/conf/ssl.crt/cert7.db and try starting up the server it complains with:
[error] Unable to configure verify locations for client authentication

and will not start. Here's the entry in ssl.conf that I'm using:

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/cert7.db

I've also tried the following:

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

which is not a valid (?) CA cert I suppose but one I created with OpenSSL but it doesn't like that one and complains in the error_log when trying to authenticate at the site with the following:

URI /secure [secure LDAP requested, but no CA cert defined][Unknown error]

And when I start the server I get a warning (?):

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Can anyone point me to where I can get/make a CA cert that will work with our Netscrape LDAP server?

Thanks!

-- Trev

Trevor Hurst wrote:
>
> Well, after successfully compiling auth_ldap with the
> OpenLDAP libs I found that it doesn't jive well with
> our Netscape LDAP server..
>
> So... I finally rebuilt with the Netscape4-LDAP-SDK
> libs..
>
> Since then I received the following error:
>
> [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653]
> auth_ldap authenticate: user 25145 authentication failed; URI
> /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert
> defined][Unknown error], referer:http://
>
> So, I then placed my cert7.db file in APACHE2/conf directory and pointed it
> to the cert db file by using the following in my httpd.conf:
>
> Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
> Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a
> module not included in the server configuration
>
> auth_ldap was built statically into the core and not run as a mod.
>
> Is there a different command used for Apache2 to load the cert7.db file
> now?
>
> It worked for our older 1.3 apache..
>
> Thanks,
>
> -- Trev
