Brian:
Check the permissions of your cert and key files.
Thanks a lot!
Yan
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brian Empson
Sent: Tuesday, September 25, 2012 9:20 PM
To: openldap-technical@openldap.org
Subject: TLS error on startup
Hello,
I'm having an issue starting up slapd with TLS enabled. I tried to search for the error code but I couldn't find any GnuTLS error codes that match. Here are the log entries that appear:
Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1
Sep 25 21:07:05 dir0 slapd[15018]: DIGEST-MD5 common mech free
Sep 25 21:07:05 dir0 slapd[15018]: slapd stopped.
Sep 25 21:07:05 dir0 slapd[15018]: connections_destroy: nothing to destroy.
Is there a way to check and see if this build is enabled with TLS support? I installed it from a package manager rather than compiling it. Here are the TLS portions of the config:
# SSL
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ssl/ca.pem
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.key
TLSVerifyClient demand
Here are the files listed: (I changed the permissions during troubleshooting)
[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah ssl
total 12
drw------- 2 _openldap _openldap 512B Sep 25 19:59 .
drwxr-xr-x 4 root wheel 512B Sep 25 19:54 ..
-rwxrwxrwx 1 _openldap _openldap 3B Sep 25 20:08 digits.srl
-rwxrwxrwx 1 _openldap _openldap 887B Sep 25 19:56 server.key
-rwxrwxrwx 1 _openldap _openldap 904B Sep 25 20:08 server.pem
-rwxrwxrwx 1 _openldap _openldap 684B Sep 25 19:57 server.req
[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah /etc/ssl
total 170
drwxr-xr-x 4 root wheel 512B Sep 25 19:52 .
drwxr-xr-x 27 root wheel 2.5K Sep 24 20:50 ..
-rw-r--r-- 1 root wheel 912B Sep 23 16:30 ca.crt
-rw-r--r-- 1 root wheel 912B Sep 25 19:52 ca.pem
-rw-r--r-- 1 root wheel 17B Sep 23 17:51 ca.srl
-r--r--r-- 1 root bin 147K Feb 12 2012 cert.pem
drwxr-xr-x 2 root wheel 512B Feb 12 2012 lib
-r--r--r-- 1 root bin 1.6K Feb 12 2012 openssl.cnf
drwx------ 2 root wheel 512B Sep 23 16:29 private
-rw-r--r-- 1 root wheel 1.0K Sep 25 19:52 privkey.pem
-r--r--r-- 1 root bin 1005B Feb 12 2012 x509v3.cnf
Is this an issue with the build I'm running? (SSL not enabled or?)
Thanks!
Brian
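Added example, not part of the original thread: a POSIX shell check of the kind the reply suggests, applied to mode bits like those in the listing above (the `ssl` directory shows `drw-------`, with no search bit, and `server.key` shows `-rwxrwxrwx`). The function names and finding labels are hypothetical; the uid and gid list are passed in so root can run the check on behalf of the slapd account.

```shell
#!/bin/sh
# Added example: audit TLS file modes for the account slapd runs as.
# It reads mode bits only, so root can run it on behalf of that account.

# triad PATH UID "GID ...": print the rwx triad that applies to that uid/gids.
triad() {
    ls -ldnL "$1" 2>/dev/null | awk -v u="$2" -v gs="$3" '{
        n = split(gs, g, " "); pos = 8                      # default: other
        for (i = 1; i <= n; i++) if (g[i] == $4) pos = 5    # group member
        if ($3 == u) pos = 2                                # owner
        print substr($1, pos, 3) }'
}

# audit_tls_file PATH KIND UID "GID ...": KIND is "key" or "cert".
# Prints one finding per line (labels are hypothetical); silent when clean.
audit_tls_file() {
    path=$1 kind=$2 uid=$3 gids=$4
    case $(triad "$path" "$uid" "$gids") in
        "")  echo "CANNOT_STAT $path" ;;   # missing, or a parent dir blocks us
        r??) ;;
        *)   echo "UNREADABLE $path" ;;
    esac
    if [ "$kind" = key ]; then
        # A private key should grant nothing to group or other.
        case $(ls -ldL "$path" 2>/dev/null | cut -c5-10) in
            ------|"") ;;
            *) echo "KEY_TOO_OPEN $path" ;;
        esac
    fi
    # Every directory on the way to the file needs the search (x) bit.
    dir=$(dirname "$path")
    while :; do
        case $(triad "$dir" "$uid" "$gids") in
            ??[xst]) ;;
            *) echo "DIR_NOT_SEARCHABLE $dir" ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

# Usage with the paths and account name from the thread:
#   audit_tls_file /etc/openldap/ssl/server.key key \
#       "$(id -u _openldap)" "$(id -G _openldap)"
```

Run it as root with the slapd account's uid and gids; a root shell bypasses these mode bits, so simply reading the files as root proves nothing about what the service account can open.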