encrypt ldap datas under ssl connexion: TLS: could not use certificate
- To: openldap-software@OpenLDAP.org
- Subject: encrypt ldap datas under ssl connexion: TLS: could not use certificate
- From: Matthieu <ermelir@gmail.com>
- Date: Tue, 25 Apr 2006 16:01:33 +0200
Hi list,
this is my second topic :)
I'm running OpenLDAP version 2.2.26.
My server works fine and is chrooted, but I would like to encrypt data connections
over SSL.
For that I've done:
* generated the certificates
# openssl genrsa -out serverkey.pem 1024
# openssl req -new -key serverkey.pem -out servercert.req
# openssl genrsa -out cakey.pem 1024
# openssl req -new -x509 -key cakey.pem -out cacert.pem -days 365
# openssl x509 -req -in servercert.req -out servercert.pem -CA cacert.pem -CAkey cakey.pem -days 365 -CAcreateserial
# chmod 400 serverkey.pem
* updated the default configuration file /etc/default/slapd
SLAPD_CONF=/etc/ldap/slapd.conf
SLAPD_USER=ldap
SLAPD_GROUP=ldap
SLAPD_PIDFILE=/var/run/slapd/slapd.pid
TRY_BDB_RECOVERY=yes
SLURPD_START=auto
SLAPD_SERVICES=" ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_OPTIONS=""
SLURPD_OPTIONS=""
* added the server certificate directives to the server configuration file
slapd.conf
TLSCACertificateFile /etc/ldap/cert/cacert.pem
TLSCertificateFile /etc/ldap/cert/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cert/serverkey.pem
but each time I restart the server I get the following error:
TLS: could not use certificate `/etc/ldap/cert/servercrt.pem'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:349
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:351
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:470
main: TLS init def ctx failed: -1
slapd stopped.
I don't understand why the server could not use the certificate. The access
permissions are fine...
Could you help me with this problem?
Best regards
Matthieu
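
An added example, not part of the original post: a pre-restart check that resolves each TLS file directive from slapd.conf and reports files the daemon could not open, the condition the fopen "No such file or directory" line in the log above reports. The `root` parameter (the directory a chrooted slapd sees as `/`), the function names and the sample file layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# slapd.conf directives that name a file slapd must open at TLS start-up.
TLS_FILE_DIRECTIVES = {
    "tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile",
}

def check_tls_paths(conf_text, root="/"):
    """Return a list of (directive, path, problem) for unusable TLS files.

    root is an assumption: the directory the daemon sees as "/" (its chroot),
    so every configured path is resolved beneath it.
    """
    problems = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in TLS_FILE_DIRECTIVES:
            continue  # comments and unrelated directives are skipped
        directive, path = parts[0], parts[1].strip().strip('"')
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            problems.append((directive, path, "no such file"))
        elif not os.access(real, os.R_OK):
            problems.append((directive, path, "not readable by this user"))
        elif (directive.lower() == "tlscertificatekeyfile"
              and stat.S_IMODE(os.stat(real).st_mode) & 0o077):
            problems.append((directive, path, "key accessible by group/other"))
    return problems

def demo():
    """Constructed layout: files named as the openssl commands wrote them."""
    conf = (
        "TLSCACertificateFile /etc/ldap/cert/cacert.pem\n"
        "TLSCertificateFile /etc/ldap/cert/servercrt.pem\n"
        "TLSCertificateKeyFile /etc/ldap/cert/serverkey.pem\n"
    )
    with tempfile.TemporaryDirectory() as root:
        cert_dir = os.path.join(root, "etc/ldap/cert")
        os.makedirs(cert_dir)
        for name in ("cacert.pem", "servercert.pem", "serverkey.pem"):
            with open(os.path.join(cert_dir, name), "w") as fh:
                fh.write("constructed placeholder, not a real PEM\n")
        os.chmod(os.path.join(cert_dir, "serverkey.pem"), 0o400)
        return check_tls_paths(conf, root)

if __name__ == "__main__":
    for directive, path, problem in demo():
        print(f"{directive} {path}: {problem}")
```

Run it as the account slapd runs under (SLAPD_USER in the post), since the readability check reflects the calling user's permissions.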