In this version (2.2.14) of Apache it is important to know that the trusted global cert directive (LDAPTrustedGlobalCert) is a fairly new setting. Some blogs still reference an older setting that is not valid with this version.
I took the default httpd.conf and added a url that I wanted protected with an LDAP authentication.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#### Here are the pieces I added.
# httpd does not accept a comment after a directive on the same line, so the comments sit on their own lines.
LDAPTrustedGlobalCert CA_BASE64 /opt/app/apache2/conf/certs/LDAP/iis-root.cer
# If you set this to Off it is not valid for production environments.
LDAPVerifyServerCert On
AuthName "LDAP Protected"
# I also don't suggest you use this account!!
AuthLDAPBindDN "cn=directory manager"
### End of File
My notes are these. Make sure LDAPVerifyServerCert is set to On. Setting it to Off allows any certificate to be accepted and pretty much defeats the purpose of SSL: you may have encryption, but with that setting wrong you won't know who you are talking to.
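As an added example (not the author's own configuration), here is a complete httpd.conf fragment for 2.2 that puts the directives above together, with the weak LDAPVerifyServerCert Off setting shown beside the corrected On setting. The hostname, base DN, protected location and bind account are assumed placeholders; the CA certificate path is the one used above.

```apache
# Added example for Apache 2.2 (mod_ldap built against OpenSSL).
# Hostname, base DN, location and bind account are assumed placeholders.

LoadModule ldap_module        modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# CA certificate (Base64/PEM) that issued the LDAP server's certificate.
# Comments must be on their own line; httpd rejects a '#' after a directive.
LDAPTrustedGlobalCert CA_BASE64 /opt/app/apache2/conf/certs/LDAP/iis-root.cer

# Weak setting: any certificate is accepted, so you cannot tell whether
# the far end is your directory server or something in between.
# LDAPVerifyServerCert Off

# Corrected setting: the server certificate must chain to the CA above.
LDAPVerifyServerCert On

<Location /secure>
    AuthType Basic
    AuthName "LDAP Protected"
    AuthBasicProvider ldap

    # ldaps:// on 636 uses SSL from the first byte. Use the server's name
    # as it appears in its certificate, not a bare IP address.
    AuthLDAPURL "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"

    # A dedicated read-only bind account instead of the directory manager,
    # so a leaked httpd.conf does not hand out full directory rights.
    AuthLDAPBindDN "cn=apache-bind,ou=service,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE-ME-placeholder"

    Require valid-user

    Order allow,deny
    Allow from all
</Location>
```

Keep httpd.conf readable only by the user that starts httpd, since the bind password is stored in clear text.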
I did not have any luck when I wanted to trust a single individual certificate. I tried pulling the LDAP server's certificate from a Sun LDAP Directory but Apache would never seem to trust an individual certificate no matter what setting I used.
I then changed the Sun LDAP Directory Server Certificate to use a certificate from a CA. That worked. It was even a Microsoft CA, Sun LDAP, and Apache using the OpenSSL libraries for connectivity.