Thanks. There actually maybe was a problem with certificate. I simply took
other certificate from apache, so I now for sure that it is correct. Now
slapd started without any problems. However, I can not connect to ldap
server using ssl.
I am using JXplorer. I select ssl+user+password for authentication but it
does not work. I am using the same client key copy as for apache. I imported
it to JXplorer and added to ldap.conf (just in case). No luck :(. I assume
that there is something missing in slapd configuraiton. Any ideas what to do
next?
2008/12/15 Philip Guenther
<guenther+ldapsoft@sendmail.com<guenther%2Bldapsoft@sendmail.com
> On Mon, 15 Dec 2008, Alfonsas Stonis wrote:
> ...
> > Dec 15 14:28:21 axew0204 slapd[24383]: main: TLS init def ctx failed: -60
> Why haven't you looked up those error numbers in the
GNUtls docs?
> #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
> (If I was in your position, I
would would remove OpenLDAP from the picture
> and work out a valid cert, key, and CAcert combo using just the tools
> provided by GNUtls. I would hope the GNUtls documentation has the
> necessary examples and information to do that; lacking that, I would
> consult the help-gnutls(a)gnu.org mailing list. Once that's worked out, you
> can address the OpenLDAP bits with some confidence that you're not giving
> it bad data.)
> Philip Guenther