Fwd: TLS init def ctx failed: -1
- To: OpenLDAP Devel <openldap-devel@openldap.org>
- Subject: Fwd: TLS init def ctx failed: -1
- From: Howard Chu <hyc@symas.com>
- Date: Thu, 02 Jul 2009 03:54:04 -0700
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090630 SeaMonkey/2.0a1pre Firefox/3.0.3
We need to either remove this document from the web site, or remove the part
that tells how to create a self-signed server cert. Anyone deploying TLS with
their own certs should be creating their own CA separately from their server
certs. And telling folks to create cert files where the private key is
included in the same file is utterly irresponsible.
-------- Original Message --------
Subject: TLS init def ctx failed: -1
Date: Thu, 2 Jul 2009 12:39:21 +0200
From: François Mehault <Francois.Mehault@netplus.fr>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Hi all
I am contacting you because I have not succeeded in configuring my OpenLDAP with TLS.
First I created a self-signed certificate server.pem, as I read on this
page http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#5.1.1, in
/usr/local/etc/openldap/tls.
openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
Then I added these lines to slapd.conf:
TLSCertificateFile /usr/local/etc/openldap/tls/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/tls/server.pem
TLSCACertificateFile /usr/local/etc/opendldap/tls/server.pem
TLSVerifyClient never
Then I restarted slapd: /usr/local/etc/rc.d/slapd stop, start.
And in my /var/log/debug.log I have:
Jul 2 12:18:39 labobe2 slapd[97816]: main: TLS init def ctx failed: -1
Jul 2 12:18:39 labobe2 slapd[97816]: slapd destroy: freeing system resources.
Jul 2 12:18:39 labobe2 slapd[97816]: syncinfo_free: rid=001
Jul 2 12:18:39 labobe2 slapd[97816]: slapd stopped.
I use FreeBSD 7.
If someone can help me, I would appreciate it. Thanks in advance.
Regards,
François
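
An added example, not part of either message above and not OpenLDAP project code: a small Python check over slapd.conf that flags the two practices criticised in the forwarding note (private key kept in the certificate file, server certificate reused as the CA file) and any TLS file path that is not on disk. The function names, finding codes and the stand-in file set are assumptions made for this illustration.

```python
import os.path

# slapd.conf TLS directives that name PEM files (keywords are case-insensitive).
TLS_FILE_DIRECTIVES = ("tlscertificatefile", "tlscertificatekeyfile",
                       "tlscacertificatefile")


def parse_tls_directives(conf_text):
    """Return {lowercased directive: normalized path} from slapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        if line.startswith("#"):  # comment line
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in TLS_FILE_DIRECTIVES:
            path = parts[1].strip().strip('"')
            found[parts[0].lower()] = os.path.normpath(path)
    return found


def audit_tls(conf_text, exists=os.path.exists):
    """Return a list of (code, detail) findings for the TLS file directives."""
    tls = parse_tls_directives(conf_text)
    cert = tls.get("tlscertificatefile")
    findings = []
    if cert and cert == tls.get("tlscertificatekeyfile"):
        findings.append(("KEY_IN_CERT_FILE", cert))        # key shares the cert's file
    if cert and cert == tls.get("tlscacertificatefile"):
        findings.append(("SERVER_CERT_USED_AS_CA", cert))  # no separate CA
    for name, path in sorted(tls.items()):
        if not exists(path):
            findings.append(("FILE_NOT_FOUND", f"{name} {path}"))
    return findings


# The TLS directives exactly as posted in the forwarded message.
POSTED_CONF = """\
TLSCertificateFile /usr/local/etc/openldap/tls/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/tls/server.pem
TLSCACertificateFile /usr/local/etc/opendldap/tls/server.pem
TLSVerifyClient never
"""

# Constructed stand-in for the filesystem: only the file openssl wrote exists.
ASSUMED_FILES = {"/usr/local/etc/openldap/tls/server.pem"}

if __name__ == "__main__":
    for code, detail in audit_tls(POSTED_CONF, exists=ASSUMED_FILES.__contains__):
        print(code, detail)
```

Paths are compared as written (after normalization), so the same file reached through a symlink or a different spelling is not treated as identical.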