So.. now I have tested an LDAP connection over openssl.
The command is

openssl s_client -connect xxx.xxx.xxx.xxx:636

and the following comes back:

CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=xxx.xxx.local
   i:/CN=xxxx.xxxx.local
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=/CN=xxx.xxx.local
issuer=/CN=xxxx.xxxx.local
---
Acceptable client certificate CA names
/DC=local/DC=xxx/CN=xxxx-xxxx-CA
/CN=CAxxx
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=DE/ST=none/L=none/O=SBA/CN=xxx.xxx.local
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
/CN=NT AUTHORITY
---
SSL handshake has read 1754 bytes and written 459 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: 324i0ßi0ß234i0ß234i0ß234i0ß234230i0ß234E6235DF2B6863A365ABB04043
    Session-ID-ctx:
    Master-Key: 000000000000000000000000000000000000000000000529CE6AA71521FCA6A6E5C73446B201651FD2F8
    Key-Arg   : None
    Start Time: 1305192634
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

What does the return code reveal?

Best regards,
john s.

--
View this message in context: http://old.nabble.com/RT-Authen%3A-External-Auth-won%27t-work-over-ssl-tp31594799p31602076.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.