I'm pretty confused, because my clients are set up with almost identical configs, and the server (localhost) and one of my client PCs can connect and use SSL (ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z), and it returns the correct results, and I can see it using TLS in the slapd log.
I copied the same configs to both boxes.
/etc/ldap.conf
----
#host heracross.corpedia.internal
base dc=corpedia,dc=internal
uri ldap://heracross.corpedia.internal/
binddn cn=root,dc=corpedia,dc=internal
bindpw *****************
scope sub
bind_policy hard
nss_base_passwd dc=corpedia,dc=internal?sub
nss_base_shadow dc=corpedia,dc=internal?sub
nss_base_group dc=corpedia,dc=internal?sub
pam_password md5
ssl yes
tls_cacertdir /etc/openldap/cacerts
-----
I see the following in my slapd error log as I connect as one of the nonworking boxes:
root@kyle-laptop:/etc/ldap# ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z
ldap_start_tls: Can't contact LDAP server (-1)
ldap_bind: Can't contact LDAP server (-1)
-----
connection_get(14): got connid=25
connection_read(14): checking for input on id=25
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=25, closing
connection_closing: readying conn=25 sd=14 for close
connection_close: conn=25 sd=14
-----
Here is a nopaste link for my slapd.conf file: http://rafb.net/p/NHjV1a33.html
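
A small triage helper for the slapd trace output quoted above, as an added example that is not part of the original post: it groups "TLS accept failure" lines by connection id and reports the last handshake state logged before each failure. The function name and the second connection (conn 26) in the sample are constructed; attributing "TLS trace" lines to the most recent connection_read line is an assumption that holds only when connections are not interleaved in the log.

```python
import re

# Constructed sample: the slapd trace lines quoted in the post (conn 25),
# plus a second, made-up connection (conn 26) to show per-connection grouping.
SAMPLE_LOG = """\
connection_get(14): got connid=25
connection_read(14): checking for input on id=25
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=25, closing
connection_closing: readying conn=25 sd=14 for close
connection_close: conn=25 sd=14
connection_get(15): got connid=26
connection_read(15): checking for input on id=26
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(15): TLS accept failure error=-1 id=26, closing
connection_close: conn=26 sd=15
"""

READ_RE = re.compile(r"connection_read\((\d+)\): checking for input on id=(\d+)")
TRACE_RE = re.compile(r"TLS trace: (SSL_\w+):(.+)")
FAIL_RE = re.compile(r"connection_read\((\d+)\): TLS accept failure error=(-?\d+) id=(\d+)")

def tls_accept_failures(log_text):
    """Return one record per failed TLS accept, with the last handshake state seen."""
    current = None    # conn id from the most recent "checking for input" line
    last_state = {}   # conn id -> last "TLS trace" state attributed to it
    failures = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := READ_RE.match(line):
            current = int(m.group(2))
        elif (m := TRACE_RE.match(line)) and current is not None:
            # Trace lines carry no conn id; attribute them to the current reader.
            last_state[current] = m.group(2).strip()
        elif m := FAIL_RE.match(line):
            conn = int(m.group(3))
            failures.append({"conn": conn, "sd": int(m.group(1)),
                             "error": int(m.group(2)),
                             "last_state": last_state.get(conn)})
    return failures

if __name__ == "__main__":
    for failure in tls_accept_failures(SAMPLE_LOG):
        print(failure)
```
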