Unable to start slapd using SSL/TLS
Sorry to join just to beg for help. Grace requested...
I have a problem trying to get slapd to start using a certificate. The
error is :
TLS: could not load verify locations (file:`/etc/cert/cacert.pem',dir:`').
main: TLS init def ctx failed: -1
slapd stopped.
Version info:
$OpenLDAP: slapd 2.3.11 (Oct 22 2005 16:37:10)
I'm running Slackware 10.2 with openssl 0.9.8a
My slapd conf has the following line:
TLSCACertificateFile /etc/cert/cacert.pem
TLSCertificateFile /etc/cert/servercrt.pem
TLSCertificateKeyFile /etc/cert/serverkey.pem
Searching the web I found many references to ensuring the correct access
to those files.
My startup command uses -u ldap -g ldap and I have /etc/cert world
readable with the following perms:
drwxr-xr-x 2 root root 144 2005-11-15 00:17 cert/
-rwxr-xr-x 1 root root 951 2005-10-13 21:16 /etc/cert/cacert.pem
-rwxr-xr-x 1 root root 3725 2005-10-13 21:19 /etc/cert/servercrt.pem
-rwxr-xr-x 1 root root 1620 2005-10-13 21:18 /etc/cert/serverkey.pem
I also have openssl.cnf available & readable
-rwxr-xr-x 1 root root 9446 2006-02-25 17:16 openssl.cnf
I'm no Linux expert, but the following strace output seems applicable:
open("/etc/cert/cacert.pem", O_RDONLY|O_LARGEFILE) = 7
fstat64(7, {st_mode=S_IFREG|0755, st_size=951, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40460000
read(7, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 951
read(7, "", 4096) = 0
close(7) = 0
munmap(0x40460000, 4096) = 0
write(2, "TLS: could not load verify locat"..., 75TLS: could not load
verify locations (file:`/etc/cert/cacert.pem',dir:`').
) = 75
write(2, "main: TLS init def ctx failed: -"..., 34main: TLS init def ctx
failed: -1
From what I can see the file opened correctly. Any thoughts?
Thanks for the time & neurons.
\\Greg
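
Added example, not part of the original post: in the strace output above, the first bytes read from /etc/cert/cacert.pem are a "-----BEGIN RSA PRIVATE KEY-----" line, whereas a file named by TLSCACertificateFile is expected to hold CERTIFICATE blocks. The sketch below checks the PEM block labels of the files named by the three TLS directives; the function names and the placeholder file bodies are assumptions made for illustration.

```python
import re

# PEM block labels that each slapd.conf TLS directive should point at.
EXPECTED = {
    "tlscacertificatefile": {"CERTIFICATE"},
    "tlscertificatefile": {"CERTIFICATE"},
    "tlscertificatekeyfile": {"PRIVATE KEY", "RSA PRIVATE KEY", "DSA PRIVATE KEY",
                              "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(text):
    """Return the label of every PEM BEGIN line in text, in file order."""
    return PEM_BEGIN.findall(text)

def read_from_disk(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def check_tls_files(conf_text, read_file=read_from_disk):
    """Return (directive, path, problem) for each TLS file lacking the expected block."""
    problems = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in EXPECTED:
            continue  # comments, blank lines and unrelated directives
        directive, path = parts[0], parts[1].strip().strip('"')
        try:
            labels = pem_labels(read_file(path))
        except OSError as exc:
            problems.append((directive, path, "unreadable: %s" % exc.strerror))
            continue
        if not EXPECTED[directive.lower()].intersection(labels):
            found = ", ".join(labels) or "no PEM block"
            problems.append((directive, path, "expected block missing; found: " + found))
    return problems

# Constructed sample: the post's three directives; file bodies are placeholders.
SAMPLE_CONF = ("TLSCACertificateFile /etc/cert/cacert.pem\n"
               "TLSCertificateFile /etc/cert/servercrt.pem\n"
               "TLSCertificateKeyFile /etc/cert/serverkey.pem\n")
SAMPLE_FILES = {
    "/etc/cert/cacert.pem": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "/etc/cert/servercrt.pem": "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
    "/etc/cert/serverkey.pem": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for problem in check_tls_files(SAMPLE_CONF, SAMPLE_FILES.__getitem__):
        print(problem)
```

Called with only the text of a real slapd.conf, check_tls_files reads the referenced files from disk.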