Hi
You have either - set permissions on the certificates/keys that do not allow slapd to read them (check also directory permissions). or - /etc/ldap/ssl/demoCA/newreq.pem is not a RSA private key. This depends on how you created your certificate. If you followed the instructions in http://www.openldap.org/faq/data/cache/185.html, you should have your certificates and keys in a separate folder. The demoCA component in your path names shows that you seem to have created the CA under /etc/ldap/ssl/demoCA, which was probably not what you wanted (hint: don't run CA.sh from /etc/ldap/ssl).
Please follow the instructions more closely and locate the following three files and verify that slapd has read access to them:
1) CA certificate 2) slapd's private key 3) slapd's certificate
kind regards /markus
Alfonsas Stonis wrote:
Dec 11 16:47:41 axew0204 slapd[434]: main: TLS init def ctx failed: -34