
encrypt LDAP data over an SSL connection: TLS: could not use certificate

Hi list,

this is my second topic :)
I'm running OpenLDAP version 2.2.26.
My server works fine and is chrooted, but I would like to encrypt data connections
over SSL.

For that I've done:

* generated the certificates

# openssl genrsa -out serverkey.pem 1024
# openssl req -new -key serverkey.pem -out servercert.req

# openssl genrsa -out cakey.pem 1024
# openssl req -new -x509 -key cakey.pem -out cacert.pem -days 365

# openssl x509 -req -in servercert.req -out servercert.pem -CA cacert.pem -CAkey cakey.pem -days 365 -CAcreateserial
# chmod 400 serverkey.pem

* updated the default configuration file /etc/default/slapd

SLAPD_CONF=/etc/ldap/slapd.conf
SLAPD_USER=ldap
SLAPD_GROUP=ldap
SLAPD_PIDFILE=/var/run/slapd/slapd.pid
TRY_BDB_RECOVERY=yes
SLURPD_START=auto
SLAPD_SERVICES=" ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_OPTIONS=""
SLURPD_OPTIONS=""

* added the server certificate directives to the server configuration file
slapd.conf

TLSCACertificateFile /etc/ldap/cert/cacert.pem
TLSCertificateFile /etc/ldap/cert/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cert/serverkey.pem

but each time I restart the server I get the following error

TLS: could not use certificate `/etc/ldap/cert/servercrt.pem'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:349
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:351
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:470
main: TLS init def ctx failed: -1
slapd stopped.

I don't understand why the server could not use the certificate. Access
permissions are fine...
Could you help me with the problem?
Best regards,

Matthieu
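A small diagnostic for the "could not use certificate" / "fopen: No such file or directory" situation described in the post, added here as an example and not part of the original message: it reads the TLS*File directives out of a slapd.conf, reports whether each referenced file exists, and prints owner and mode so a mismatch with the SLAPD_USER from /etc/default/slapd is visible. The demo builds a constructed directory in which the certificate was written as servercert.pem but referenced as servercrt.pem, mirroring the two file names that appear in the post.

```shell
#!/bin/sh
# Added diagnostic, not part of the original post: check every TLS*File
# directive in a slapd.conf, report missing files, and show owner/mode of
# the ones that exist (the slapd service user must be able to read them).

# check_tls_files CONF -> prints one line per directive; the return value is
# the number of referenced files that do not exist (0 = every path resolves).
check_tls_files() {
    conf="$1"
    missing=0
    while read -r directive path _; do
        case "$directive" in
            TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile) ;;
            *) continue ;;   # comments, blank lines, unrelated directives
        esac
        if [ -f "$path" ]; then
            # ls -l is POSIX: field 1 is the mode string, field 3 the owner
            set -- $(ls -ld "$path")
            echo "OK       $directive $path (mode $1, owner $3)"
        else
            echo "MISSING  $directive $path"
            missing=$((missing + 1))
        fi
    done < "$conf"
    return "$missing"
}

# demo -> constructed reproduction of the post's layout: the certificate is
# saved as servercert.pem, but slapd.conf points at servercrt.pem.
demo() {
    dir=$(mktemp -d)
    : > "$dir/cacert.pem"
    : > "$dir/servercert.pem"
    : > "$dir/serverkey.pem"
    chmod 400 "$dir/serverkey.pem"
    cat > "$dir/slapd.conf" <<EOF
# constructed sample slapd.conf (TLS section only)
TLSCACertificateFile $dir/cacert.pem
TLSCertificateFile $dir/servercrt.pem
TLSCertificateKeyFile $dir/serverkey.pem
EOF
    rc=0
    check_tls_files "$dir/slapd.conf" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "$? TLS file path(s) in slapd.conf could not be found"
```

Run it against the real configuration with `check_tls_files /etc/ldap/slapd.conf`; a MISSING line names the directive whose path slapd cannot open.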