Thanks. There actually maybe was a problem with certificate. I simply took other certificate from apache, so I now for sure that it is correct. Now slapd started without any problems. However, I can not connect to ldap server using ssl.<br>
I am using JXplorer. I select ssl+user+password for authentication but it does not work. I am using the same client key copy as for apache. I imported it to JXplorer and added to ldap.conf (just in case). No luck :(. I assume that there is something missing in slapd configuraiton. Any ideas what to do next?<br>
<br><div class="gmail_quote">2008/12/15 Philip Guenther <span dir="ltr">&lt;<a href="mailto:guenther%2Bldapsoft@sendmail.com">guenther+ldapsoft@sendmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Mon, 15 Dec 2008, Alfonsas Stonis wrote:<br>
...<br>
<div class="Ih2E3d">&gt; Dec 15 14:28:21 axew0204 slapd[24383]: main: TLS init def ctx failed: -60<br>
<br>
</div>Why haven&#39;t you looked up those error numbers in the GNUtls docs?<br>
<br>
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60<br>
<br>
<br>
(If I was in your position, I would would remove OpenLDAP from the picture<br>
and work out a valid cert, key, and CAcert combo using just the tools<br>
provided by GNUtls. &nbsp;I would hope the GNUtls documentation has the<br>
necessary examples and information to do that; lacking that, I would<br>
consult the <a href="mailto:help-gnutls@gnu.org">help-gnutls@gnu.org</a> mailing list. &nbsp;Once that&#39;s worked out, you<br>
can address the OpenLDAP bits with some confidence that you&#39;re not giving<br>
it bad data.)<br>
<font color="#888888"><br>
<br>
Philip Guenther<br>
</font></blockquote></div><br>