RE: Openldap slapd server -> TLS: could not use key file ????
- To: "Mailing list OpenLdap" <openldap-software@OpenLDAP.org>, "Craig Squires" <csquires@math.mun.ca>
- Subject: RE: Openldap slapd server -> TLS: could not use key file ????
- From: "Yves Robin" <yves@reefedge.com>
- Date: Mon, 27 May 2002 19:52:10 +0200
- Importance: Normal
- In-reply-to: <Pine.LNX.4.44.0205271307060.28748-100000@telos.math.mun.ca>
Everything is owned by root.
slapd is run as root.
Actually, myServer.pem is stored under /etc/openldap.
Yves
> -----Original Message-----
> From: Craig Squires [mailto:csquires@math.mun.ca]
> Sent: Monday, May 27, 2002 5:41 PM
> To: Yves Robin
> Subject: Re: Openldap slapd server -> TLS: could not use key file ????
>
>
> If your slapd runs as a user other than root, myServer.pem has to be owned
> by that user... When you say "placed in..." below, do you mean you included
> the contents of the pem in your slapd.conf file? Usually the certificate is
> kept in /etc/openldap/certs/ or somewhere like that. Regardless, everything
> has to be owned by the user that slapd runs as.
>
> Craig
>
> On Mon, 27 May 2002, Yves Robin wrote:
>
> >
> > I am trying to start the slapd server with SSL/TLS support on both ports 389
> > and 636 with:
> >
> > slapd -d 255 -f /etc/openldap/slapd.conf -h ldap:/// -h ldaps:///
> >
> > But after parsing all the ldap schemes (correct), then here is what happens.
> >
> > ......
> > line 71 (TLSCertificateFile /etc/openldap/myServer.pem)
> > line 72 (TLSCertificateKeyFile /etc/openldap/myServer.pem)
> > line 73 (TLSCACertificateFile /etc/openldap/myServer.pem)
> > TLS: could not use key file `/etc/openldap/reefedgeServer.pem'.
> > TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:662
> > TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:662
> > TLS: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 eos ssl_rsa.c:707
> > slapd shutdown: freeing system resources.
> > slapd stopped.
> > connections_destroy: nothing to destroy.
> >
> > About myServer.pem, it has been generated by:
> >
> > openssl req -new -x509 -nodes -out myServer.pem
> >
> > and placed in /etc/openldap/slapd.conf
> >
> > Any idea ?
> > Thanks.
> >
> > Yves
> >
>
> --
> ........................................................................
> $Id: mathdeptsysadmin,v 2.0 Mon May 27 13:00:19 2002 Craig Squires Exp $
> Your excuse is: non-redundant fan failure
> [Excuse courtesy of The BOFH-style Excuse Server: nc riemann excuses]
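An added diagnostic, not part of the thread: `PEM_read_bio:no start line` from `SSL_CTX_use_PrivateKey_file` means slapd found no `-----BEGIN ... PRIVATE KEY-----` block in the file named by TLSCertificateKeyFile, and `openssl req -new -x509 -nodes -out myServer.pem` without `-keyout` writes only the certificate there (the key goes to the file named by `default_keyfile` in openssl.cnf, `privkey.pem` by default). The POSIX shell check below, using constructed placeholder PEM files rather than real keys, reports which blocks a file carries before slapd is pointed at it.

```shell
#!/bin/sh
# Added example, not from the thread: verify that a PEM file carries the
# blocks slapd expects for TLSCertificateFile / TLSCertificateKeyFile.

# Return 0 when FILE holds a PEM block whose armour label contains TYPE
# ("CERTIFICATE", or "PRIVATE KEY" for RSA/EC/PKCS#8 keys), else 1.
pem_has_block() {
  file=$1; type=$2
  grep -q -- "-----BEGIN .*$type-----" "$file" &&
  grep -q -- "-----END .*$type-----" "$file"
}

# Report whether FILE can serve as both TLSCertificateFile and
# TLSCertificateKeyFile, as the slapd.conf in the thread assumes.
# Prints one line per block and returns 0 only when both are present.
check_slapd_pem() {
  file=$1
  ok=0
  if pem_has_block "$file" CERTIFICATE; then
    echo "$file: certificate block present"
  else
    echo "$file: no CERTIFICATE block (TLSCertificateFile would fail)"; ok=1
  fi
  if pem_has_block "$file" "PRIVATE KEY"; then
    echo "$file: private key block present"
  else
    echo "$file: no PRIVATE KEY block (TLSCertificateKeyFile fails with 'no start line')"; ok=1
  fi
  return $ok
}

# Constructed samples: the Base64 bodies are placeholders, not real material.
# cert-only.pem mirrors what "openssl req -new -x509 -nodes -out" leaves in
# the -out file; cert-and-key.pem is the combined file slapd.conf expects.
tmp=${TMPDIR:-/tmp}/pemcheck.$$
mkdir -p "$tmp"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBplaceholder==' \
  '-----END CERTIFICATE-----' > "$tmp/cert-only.pem"
cat "$tmp/cert-only.pem" > "$tmp/cert-and-key.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEplaceholder==' \
  '-----END RSA PRIVATE KEY-----' >> "$tmp/cert-and-key.pem"

check_slapd_pem "$tmp/cert-only.pem"
check_slapd_pem "$tmp/cert-and-key.pem"
```

Run it against the real file as the user slapd starts as, so a permission problem of the kind Craig describes shows up in the same pass as a missing key block.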