Re: OpenLDAP w/ SSL cert signed by Network Solutions



On 10/20/14 11:12 -0700, Jeff Lebo wrote:
> Running openldap-2.4.31 on Ubuntu 14.04.1 LTS compiled with gnutls.
>
> I created a local key and CSR using certtool:
>
> server.csr
> server.key
>
> I was then issued the following from Network Solutions:
>
> AddTrustExternalCARoot.crt
> hostname.domain.com.crt
> NetworkSolutions_CA.crt
> UTNAddTrustServer_CA.crt
>
> I added the following to slapd.conf:
>
> TLSCertificateFile /etc/ldap/certs/hostname.domain.com.crt
> TLSCertificateKeyFile /etc/ldap/certs/server.key
> TLSCACertificateFile /etc/ldap/certs/NetworkSolutions_CA.crt
>
> ...and I now get the following error when I try to start slapd:
>
> Oct 20 10:49:58 hostname slapd[3476]: main: TLS init def ctx failed: -1
>
> Can someone point me in the right direction as to what I am missing here?

Google for "TLS init def ctx failed: -1". A common cause of this error is a
permissions problem.

--
Dan White
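
One way to test the permissions theory from the reply above, as an added example that is not part of the original thread: the script reads the TLS file directives from a slapd.conf and reports, for the user running it, which file or parent directory blocks access. The function names are hypothetical, and it assumes absolute, unquoted paths and plain Unix permissions (no ACL or mandatory access control checks).

```shell
#!/bin/sh
# Added example: check that every file named by a TLS*File directive in
# slapd.conf can be reached and read by the user running this script.

# Print "directive path" for each TLS file directive (names are case-insensitive).
tls_paths() {
    awk 'tolower($1) ~ /^tls(certificate|certificatekey|cacertificate)file$/ { print $1, $2 }' "$1"
}

# Explain why a path is unreadable; the body runs in a subshell so that the
# IFS and globbing changes do not leak. Returns 0 when the file is readable.
check_path() (
    path=$1; prefix=
    set -f; IFS=/
    for part in ${path%/*}; do
        [ -n "$part" ] || continue
        prefix="$prefix/$part"
        # Search (x) permission is needed on every directory above the file.
        [ -x "$prefix" ] || { echo "cannot traverse $prefix"; exit 1; }
    done
    [ -f "$path" ] || { echo "not a regular file or missing"; exit 1; }
    [ -r "$path" ] || { echo "not readable by $(id -un)"; exit 1; }
)

# Check all TLS files in the given slapd.conf; returns 1 if any check fails.
check_slapd_tls() {
    tls_paths "$1" | (
        rc=0
        while read -r directive path; do
            if reason=$(check_path "$path"); then
                echo "ok   $directive $path"
            else
                echo "FAIL $directive $path: $reason"
                rc=1
            fi
        done
        exit $rc
    )
}

# Stand-alone use: pass the path to slapd.conf as the first argument.
if [ "$#" -gt 0 ]; then
    check_slapd_tls "$1"
fi
```

Run it as the account slapd runs as (on Ubuntu's packaged slapd this is assumed to be `openldap`, via `sudo -u`), since a check run as root will pass even when the daemon cannot read the key.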