Shibboleth Developers

steadily moving forward......

I've  got apache + tomcat running on my solaris box, and a shiborigin 
+ target running  (on the same box).

Apache/mod_ssl is using a cert from bossie; the shib origin + target 
are both using the distributed config  files (ie the localhost 
examples)  (with a smalll number of edits to the target side, as 
noted in previous emails).

I'm now getting this in my shar.log, when trying to connect to the AA:

 2004-06-21 16:49:04 ERROR OpenSSL [2] session_is_valid preFetch 
populate getNewResponse send send: verify_callback error: unable to 
get local issuer certificate
2004-06-21 16:49:04 ERROR SAML.SAMLSOAPBinding [2] session_is_valid 
preFetch populate getNewResponse send send: failed while contacting 
SAML responder: SSL certificate problem, verify that the CA cert is OK
2004-06-21 16:49:04 ERROR Shibboleth.ShibBinding [2] session_is_valid 
preFetch populate getNewResponse send: caught SAML exception during 
SAML attribute query: SAMLSOAPBinding::send() failed while contacting 
SAML responder: SSL certificate problem, verify that the CA cert is OK
2004-06-21 16:49:04 ERROR shibtarget::InternalCCacheEntry [2] 
session_is_valid preFetch populate getNewResponse: caught SAML 
exception during query to AA: ShibBinding::send() unable to 
successfully complete attribute query

I'm guessing this is because when the Shar contacts my AA over https, 
apache responds with the bossie cert... which the shar can't validate?

so.... I should have apache/mod_ssl use the temp key/cert that  come 
in the distribution?