François Mehault wrote:
I am contacting you because I have not succeeded in configuring my OpenLDAP with TLS.
First I created a self-signed certificate, server.pem, as I read on this
You should not have done that. The steps in section 4.1 of that document (Self
Signed Certificate) violate most of the best practices for certificate
management. I have asked that this section be removed from the document; it
should be disappearing from the web site soon.
openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
This is a terrible way to generate a server certificate. Instead you should
generate a CA, following the steps in (the current) section 4.2.
Then I add this line in slapd.conf:
Then I restart slapd: /usr/local/etc/rc.d/slapd stop, then start.
And in my /var/log/debug.log I have:
Jul 2 12:18:39 labobe2 slapd: main: TLS init def ctx failed: -1
Jul 2 12:18:39 labobe2 slapd: slapd destroy: freeing system
Jul 2 12:18:39 labobe2 slapd: syncinfo_free: rid=001
Jul 2 12:18:39 labobe2 slapd: slapd stopped.
I use FreeBSD 7.
If someone can help me, I would appreciate it; thanks in advance.
Use "rc.d/slapd start -d -1" and see what error messages are printed on
stderr. syslog is useless for diagnostics.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
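The approach Howard recommends above (a private CA that signs a separate server certificate, instead of one self-signed server.pem holding both key and cert), as an added example that is not part of the original thread; the hostname, output directory and file names are assumptions, and the three TLS* directives are the standard slapd.conf ones but the paths are mine:

```shell
#!/bin/sh
# Added example: build a private CA and a CA-signed server certificate.
# Hostname, directory and file names are assumptions.
set -eu

# Generate a CA under $1 and a server certificate for $2 signed by it.
# Prints "OK" when the server cert verifies against the CA, "FAIL" otherwise.
make_ldap_certs() {
  dir=$1
  host=${2:-ldap.example.test}   # assumed name clients will connect to
  mkdir -p "$dir"
  # 1. Private CA: its own key plus a self-signed CA certificate. Only the CA
  #    cert is distributed; the CA key stays offline.
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -new -x509 -key "$dir/ca.key" -days 3650 \
      -subj "/CN=Example Private CA" -out "$dir/ca.pem" 2>/dev/null
  # 2. Server key and CSR. The private key is a separate file that never
  #    leaves the LDAP host (unlike the one-file server.pem in the thread).
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
      -out "$dir/server.csr" 2>/dev/null
  # 3. The CA signs the CSR; the SAN must match the hostname clients use.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
      > "$dir/server.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
      -CAkey "$dir/ca.key" -CAcreateserial -days 365 \
      -extfile "$dir/server.ext" -out "$dir/server.pem" 2>/dev/null
  # 4. Verify the chain the way a client (and slapd's TLS init) will see it.
  if openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

# slapd.conf fragment pointing at the three separate files (paths assumed).
slapd_tls_conf() {
  dir=$1
  printf 'TLSCACertificateFile %s/ca.pem\n' "$dir"
  printf 'TLSCertificateFile %s/server.pem\n' "$dir"
  printf 'TLSCertificateKeyFile %s/server.key\n' "$dir"
}

# Usage: make_ldap_certs /usr/local/etc/openldap/tls labobe2.example.test
#        slapd_tls_conf /usr/local/etc/openldap/tls >> slapd.conf
```

If slapd still fails TLS init after this, the "slapd -d -1" run Howard suggests prints the exact file or permission problem on stderr.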