Re: Slapd TLS issue
On Thu, 6 Mar 2014, Eric Falbe wrote:
> Does anyone know where the database in the message:
> TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could
> not be found in the database - error -12285:Unable to find the certificate
> or key necessary for authentication
>
> Is located at and how I might rebuild it?
That error is specific to when openldap is built against Mozilla NSS, so
the centos-supplied binary you're using obviously links to that. Did you
follow the NSS-specific instructions in the slapd-config(5) manpage? For
example:

    olcTLSCertificateFile: <filename>
        Specifies the file that contains the slapd server certificate.

        When using Mozilla NSS, if using a cert/key database (specified
        with olcTLSCACertificatePath), olcTLSCertificateFile specifies
        the name of the certificate to use:

            olcTLSCertificateFile: Server-Cert

        If using a token other than the internal built in token, specify
        the token name first, followed by a colon:

            olcTLSCertificateFile: my hardware device:Server-Cert

        Use certutil -L to list the certificates by name:

            certutil -d /path/to/certdbdir -L

Philip Guenther
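
The distinction drawn in the manpage excerpt above, as an added example that is not part of the original message or of OpenLDAP: a shell check that classifies an olcTLSCertificateFile value against a certutil -L listing. The listing, the nicknames in it and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). SAMPLE_LISTING is constructed
# to mimic `certutil -d /path/to/certdbdir -L` output; nicknames are made up.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
Example CA                                                   CT,,
'

# Print one nickname per line: drop header and blank lines, then strip the
# trailing trust-attribute column (nicknames themselves may contain spaces).
nss_nicknames() {
    printf '%s\n' "$1" | sed \
        -e '/^Certificate Nickname/d' \
        -e '/^[[:space:]]*SSL,S\/MIME/d' \
        -e '/^[[:space:]]*$/d' \
        -e 's/[[:space:]][[:space:]]*[^[:space:]]*$//'
}

# classify_cert_setting VALUE LISTING
# Prints one of: file-path | token-qualified | found | missing
classify_cert_setting() {
    value=$1
    listing=$2
    case $value in
        */*)
            # Looks like a filesystem path, not a database nickname.
            echo file-path ;;
        *:*)
            # "token name:nickname" form; the internal-token listing passed
            # in here cannot confirm it, so it is only flagged.
            echo token-qualified ;;
        *)
            if nss_nicknames "$listing" | grep -Fxq -- "$value"; then
                echo found
            else
                echo missing
            fi ;;
    esac
}

# Demo over constructed olcTLSCertificateFile values.
for v in 'Server-Cert' 'Example CA' 'ldap-cert' \
         '/etc/pki/tls/certs/ldap.cassens.com.pem' \
         'my hardware device:Server-Cert'; do
    printf '%-45s %s\n' "$v" "$(classify_cert_setting "$v" "$SAMPLE_LISTING")"
done
```

On a real host, pass the output of certutil -d /path/to/certdbdir -L as the second argument instead of SAMPLE_LISTING.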