Jonas Kellens wrote:
I am trying to configure OpenLDAP on CentOS 6.8 with SSL.
Note that OpenLDAP builds on RHEL/CentOS are linked against libnss and you likely have to deal with certutil to prepare the cert and key DB.
My /etc/openldap/slapd.conf file has the following lines:

TLSCACertificateFile /etc/letsencrypt/live/slap01.domain.tld/fullchain.pem
TLSCertificateFile /etc/letsencrypt/live/slap01.domain.tld/cert.pem
TLSCertificateKeyFile /etc/letsencrypt/live/slap01.domain.tld/privkey.pem
Unfortunately, even though the config directives use the very same names, they have different meanings when linked against libnss. Personally I consider this a serious design flaw of the libnss support.
Example (from my memory):
# *directory* with libnss DB files
TLSCACertificatePath /etc/openldap/certs
# key alias used for server key
TLSCertificateFile server-key-alias
# pass-phrase file for using key DB file
TLSCertificateKeyFile /etc/openldap/certs/password
Ciao, Michael.
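As an added example (not from this thread), a small Python check that reads the TLS* directives of a slapd.conf fragment and flags values written in the OpenSSL-build style when the libnss-build meaning described in the reply is intended. The two sample fragments are taken from the messages above; the file-suffix heuristics and the function names are my own assumptions, not anything OpenLDAP itself provides.

```python
import re

# Constructed sample: the fragment from the question. Valid for an OpenSSL-linked
# slapd, but not for the libnss-linked build shipped on RHEL/CentOS.
SAMPLE_OPENSSL_STYLE = """\
TLSCACertificateFile /etc/letsencrypt/live/slap01.domain.tld/fullchain.pem
TLSCertificateFile /etc/letsencrypt/live/slap01.domain.tld/cert.pem
TLSCertificateKeyFile /etc/letsencrypt/live/slap01.domain.tld/privkey.pem
"""

# Constructed sample: the libnss-style fragment from the reply.
SAMPLE_NSS_STYLE = """\
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile server-key-alias
TLSCertificateKeyFile /etc/openldap/certs/password
"""

# Assumption: these suffixes mark PEM/DER files rather than an NSS nickname or
# a pass-phrase file.
PEM_SUFFIXES = (".pem", ".crt", ".cer", ".key")


def parse_tls_directives(conf_text):
    """Return {directive: value} for the TLS* lines of a slapd.conf fragment."""
    directives = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(TLS\w+)\s+(.+)$", line)
        if m:
            directives[m.group(1)] = m.group(2).strip()
    return directives


def check_nss_build(directives):
    """Heuristic findings for a libnss-linked slapd, following the reply's semantics."""
    findings = []
    if "TLSCACertificatePath" not in directives:
        findings.append("TLSCACertificatePath missing: libnss build expects the NSS DB directory here")
    cert = directives.get("TLSCertificateFile")
    if cert and ("/" in cert or cert.lower().endswith(PEM_SUFFIXES)):
        findings.append("TLSCertificateFile looks like a PEM path; libnss build expects a key nickname in the NSS DB")
    key = directives.get("TLSCertificateKeyFile")
    if key and key.lower().endswith(PEM_SUFFIXES):
        findings.append("TLSCertificateKeyFile looks like a private key; libnss build expects the DB pass-phrase file")
    return findings
```

Run `check_nss_build(parse_tls_directives(open("/etc/openldap/slapd.conf").read()))` on a CentOS host to see which of the three directives still carry OpenSSL-style values.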