Hi

You have either
- set permissions on the certificates/keys that do not allow slapd to read them (check also directory permissions).
or
- /etc/ldap/ssl/demoCA/newreq.pem is not a RSA private key. This depends on how you created your certificate. If you followed the instructions in http://www.openldap.org/faq/data/cache/185.html, you should have your certificates and keys in a separate folder. The demoCA component in your path names shows that you seem to have created the CA under /etc/ldap/ssl/demoCA, which was probably not what you wanted (hint: don't run CA.sh from /etc/ldap/ssl).

Please follow the instructions more closely and locate the following three files and verify that slapd has read access to them:

1) CA certificate
2) slapd's private key
3) slapd's certificate

kind regards
/markus

Alfonsas Stonis wrote:

Dec 11 16:47:41 axew0204 slapd[434]: main: TLS init def ctx failed: -34