Robert Heller wrote:
All of the how tos I am finding (including RedHat's!) don't talk about MozNSS.
Unfortunately the libnss wrapper code re-uses the directives TLSCACertificatePath, TLSCertificateFile and TLSCertificateKeyFile in a different way.
So when using the RHEL/CentOS packages linked to libnss you should read slapd.conf(5) or slapd-config(5) more carefully, especially the text after "When using Mozilla NSS..".
Ciao, Michael.
P.S.: I consider this abuse of well-known TLS config directives for other purposes to be a real deficiency of the crypto lib wrappers for libnss and GnuTLS. Library-specific configuration options should be just that: Library-specific with their own specific name.