Brian:
Check the permission of your cert and key files.
Thanks a lot!
Yan
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brian Empson
Sent: Tuesday, September 25, 2012 9:20 PM
To: openldap-technical@openldap.org
Subject: TLS error on startup
Hello,
I'm having an issue starting up slapd with TLS enabled. I tried to search for the error code but I couldn't find any GnuTLS error codes that match. Here are the log entries that appear:
Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1
Sep 25 21:07:05 dir0 slapd[15018]: DIGEST-MD5 common mech free
Sep 25 21:07:05 dir0 slapd[15018]: slapd stopped.
Sep 25 21:07:05 dir0 slapd[15018]: connections_destroy: nothing to destroy.
Is there a way to check and see if this build is enabled with TLS support? I installed it from a package manager rather than compiling it. Here are the TLS portions of the config:
# SSL
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ssl/ca.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.key
TLSVerifyClient demand
Here are the files listed: (I changed the permissions during troubleshooting)
[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah ssl
total 12
drw------- 2 _openldap _openldap 512B Sep 25 19:59 .
drwxr-xr-x 4 root wheel 512B Sep 25 19:54 ..
-rwxrwxrwx 1 _openldap _openldap 3B Sep 25 20:08 digits.srl
-rwxrwxrwx 1 _openldap _openldap 887B Sep 25 19:56 server.key
-rwxrwxrwx 1 _openldap _openldap 904B Sep 25 20:08 server.pem
-rwxrwxrwx 1 _openldap _openldap 684B Sep 25 19:57 server.req
[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah /etc/ssl
total 170
drwxr-xr-x 4 root wheel 512B Sep 25 19:52 .
drwxr-xr-x 27 root wheel 2.5K Sep 24 20:50 ..
-rw-r--r-- 1 root wheel 912B Sep 23 16:30 ca.crt
-rw-r--r-- 1 root wheel 912B Sep 25 19:52 ca.pem
-rw-r--r-- 1 root wheel 17B Sep 23 17:51 ca.srl
-r--r--r-- 1 root bin 147K Feb 12 2012 cert.pem
drwxr-xr-x 2 root wheel 512B Feb 12 2012 lib
-r--r--r-- 1 root bin 1.6K Feb 12 2012 openssl.cnf
drwx------ 2 root wheel 512B Sep 23 16:29 private
-rw-r--r-- 1 root wheel 1.0K Sep 25 19:52 privkey.pem
-r--r--r-- 1 root bin 1005B Feb 12 2012 x509v3.cnf
Is this an issue with the build I'm running? (SSL not enabled or?)
Thanks! Brian
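
An added example (not part of the original thread) of the permission check suggested in the reply: for one TLS file it tests the search bit on every directory above it for the account slapd runs as, then the read bit on the file, and flags a private key that group or other can use. The function names, the constructed temporary tree and the 0700/0600 "after" modes are assumptions; ACLs and root's override are ignored.

```python
import os
import shutil
import tempfile

def allowed(st, uid, gids, bit):
    """Owner/group/other test for one bit (4=r, 1=x). Ignores ACLs and root's override."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)

def check_tls_file(path, uid, gids, private=False, base=os.sep):
    """Return [(problem, path)] for one TLS file as seen by uid; base and above are skipped."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    dirs, d = [], os.path.dirname(path)
    while d != base and d != os.path.dirname(d):
        dirs.append(d)
        d = os.path.dirname(d)
    for d in reversed(dirs):  # top-down: one unsearchable directory hides everything below it
        if not allowed(os.stat(d), uid, gids, 1):
            return [("no-search", d)]
    st = os.stat(path)
    problems = []
    if not allowed(st, uid, gids, 4):
        problems.append(("no-read", path))
    if private and st.st_mode & 0o077:  # key usable by group or other
        problems.append(("key-exposed", path))
    return problems

def demo():
    """Constructed tree shaped like the listing: ssl/ is drw-------, server.key is 0777."""
    root = tempfile.mkdtemp()
    ssl = os.path.join(root, "ssl")
    os.mkdir(ssl)
    key = os.path.join(ssl, "server.key")
    open(key, "w").close()
    os.chmod(key, 0o777)
    os.chmod(ssl, 0o600)
    uid, gids = os.getuid(), set(os.getgroups()) | {os.getgid()}
    before = check_tls_file(key, uid, gids, private=True, base=root)
    os.chmod(ssl, 0o700)  # assumed tighter modes, not taken from the thread
    os.chmod(key, 0o600)
    after = check_tls_file(key, uid, gids, private=True, base=root)
    shutil.rmtree(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the numeric uid and group ids of the slapd account (`_openldap` in the listing) and the paths from the `TLSCACertificateFile`, `TLSCertificateFile` and `TLSCertificateKeyFile` directives, with `private=True` only for the key.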