--- On Thu, 7/2/09, Howard Chu hyc@symas.com wrote:
From: Howard Chu hyc@symas.com
Subject: Re: TLS init def ctx failed: -1
To: "François Mehault" Francois.Mehault@netplus.fr
Cc: "openldap-technical@openldap.org" openldap-technical@openldap.org
Date: Thursday, July 2, 2009, 7:02 AM

François Mehault wrote:
openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
This is a terrible way to generate a server certificate. Instead you should generate a CA, following the steps in (the current) section 4.2.
What document is being referred to here? It can't be http://www.openldap.org/doc/admin/ because section 4.2. there is "Prerequisite software".
Thanks, Ken
Well, I followed section 4.2 and corrected a wrong path in my slapd.conf, oops!
So now I am able to launch slapd. I tested whether it works with the command:
openssl s_client -connect localhost:636 -showcerts
and before that I changed the flag in rc.conf:
slapd_flags=' -h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldaps:///"'
and I can see the certificate. So it seems good. Thanks for all.
François
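
The approach recommended in the thread (a CA that signs the server certificate, rather than one self-signed server.pem holding both key and certificate), as an added example that is not part of the original messages and not the text of the "section 4.2" being referred to. File names, subject names, validity periods and the 2048-bit key size are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed server certificate for slapd.
# ca.cnf, san.ext, the subject names and rsa:2048 are assumptions.

# make_ca_and_server_cert DIR HOSTNAME
# Writes ca.key/ca.crt and server.key/server.crt into DIR.
make_ca_and_server_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by their owner only
        # Minimal config so the result does not depend on the system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
            'prompt=no' '[dn]' 'CN=Example LDAP CA' '[v3_ca]' \
            'basicConstraints=critical,CA:TRUE' \
            'keyUsage=critical,keyCertSign,cRLSign' > ca.cnf
        # 1. CA key and CA certificate (the only self-signed certificate).
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 3650 \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and signing request; the name must match what clients connect to.
        openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. The CA signs the request; the host name also goes into subjectAltName.
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -extfile san.ext \
            -out server.crt 2>/dev/null || exit 1
    )
}

# is_self_signed CERT: succeeds when issuer and subject are identical.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# chain_ok CAFILE CERT: succeeds when CERT verifies against CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Calling `make_ca_and_server_cert ./tls ldap.example.test` and then `chain_ok ./tls/ca.crt ./tls/server.crt` confirms the chain before slapd.conf is pointed at the files; clients only need ca.crt, and ca.key should not stay on the LDAP server.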