Hello

I am trying to configure openLDAP on Centos 6.8 with SSL.

LDAP version : @(#) $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) $ mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd

LDAP service is running with ldaps:// support :

ps -ef | grep slap ldap     22182     1  0 20:07 ?        00:00:00 /usr/sbin/slapd -h  ldap:/// ldaps:/// ldapi:/// -u ldap root     22193 22118  0 20:07 pts/0    00:00:00 grep slap

netstat -plane | grep 636 tcp        0      0 0.0.0.0:636 0.0.0.0:*                   LISTEN      0          45649460 22182/slapd tcp        0      0 :::636 :::*                        LISTEN      0          45649461 22182/slapd

When I try to do an LDAP search, it fails to connect and the log shows :

Dec 31 13:02:12 slap01 slapd[23776]: conn=1119 fd=13 ACCEPT from IP=xx.xx.xx.xx:45426 (IP=0.0.0.0:636) Dec 31 13:02:12 slap01 slapd[23776]: conn=1119 fd=13 closed (TLS negotiation failure)

My /etc/openldap/slapd.conf file has the following lines :

TLSCACertificateFile /etc/letsencrypt/live/slap01.domain.tld/fullchain.pem TLSCertificateFile /etc/letsencrypt/live/slap01.domain.tld/cert.pem TLSCertificateKeyFile /etc/letsencrypt/live/slap01.domain.tld/privkey.pem

What else do I need to make openLDAP work with my let's encrypt SSL-certificate ?

I've tried adding :

TLSCACertificatePath /usr/share/pki/ca-trust-source

But no success.

Kind regards

Jonas.