Certificate problems with Apache LDAPS access
Yours is not a self-signed certificate. If it were, the following "Subject" and "Issuer" would have been identical.
Server certificate
subject=/CN=myldap.xyz.edu
issuer=/DC=edu/DC=xyz/CN=myldap
This is most likely the reason why you cannot properly get it verified - the certificate that openssl s_client -showcerts shows on the screen is not the CA certificate.
Just to double check, try running the following commands.
openssl x509 -noout -issuer_hash < /etc/ssl/....pem
openssl x509 -noout -hash < /etc/ssl/....pem
If the two hashes are different, then it is not a self-signed certificate. If that is the case (as I suspect) your only option would be to get the issuing CA certificate somehow. Try asking the Active Directory admins for it and do what you already did when you get it - dump it into /etc/ssl/certs and run c_rehash.
And when you get the certificate, do run openssl x509 -noout -hash and make sure it matches the -issuer_hash of the LDAP certificate.
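The two hash comparisons described in this answer, as a shell example added here (it is not part of the original answer). The function names are hypothetical, and the certificates are throwaway ones constructed in a temporary directory that only reuse the subject and issuer names shown above. Because -hash and -issuer_hash are computed over names only, the issuer check also runs openssl verify to confirm the signature.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the certificates are
# throwaway ones constructed below, not the poster's real ones.

# True when subject hash == issuer hash (the self-signed test).
is_self_signed() {
    [ "$(openssl x509 -noout -hash < "$1")" = \
      "$(openssl x509 -noout -issuer_hash < "$1")" ]
}

# usage: is_issuer_of CA.pem SERVER.pem
is_issuer_of() {
    ca_hash=$(openssl x509 -noout -hash < "$1")
    wanted=$(openssl x509 -noout -issuer_hash < "$2")
    [ "$ca_hash" = "$wanted" ] || return 1
    # The hashes only compare names, so also check the signature chain.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample: a one-day CA and a server certificate signed by it.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/DC=edu/DC=xyz/CN=myldap" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myldap.xyz.edu" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
make_sample "$SAMPLE_DIR"

if is_self_signed "$SAMPLE_DIR/srv.pem"; then
    echo "server certificate is self-signed"
else
    echo "server certificate was issued by a separate CA"
fi
if is_issuer_of "$SAMPLE_DIR/ca.pem" "$SAMPLE_DIR/srv.pem"; then
    echo "ca.pem is the issuing CA; safe to place in the trust directory"
else
    echo "ca.pem did not issue this certificate"
fi
```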