-------- Original Message --------
Subject: TLS init def ctx failed: -1
Date: Thu, 2 Jul 2009 12:39:21 +0200
From: François Mehault <francois.meha...@netplus.fr>
To: openldap-techni...@openldap.org <openldap-techni...@openldap.org>

Hi all,

I am contacting you because I have not succeeded in configuring my OpenLDAP with TLS.

First I created a self-signed certificate server.pem, as I read on this page http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#5.1.1, in /usr/local/etc/openldap/tls.

    openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365

Then I added these lines to slapd.conf:

    TLSCertificateFile /usr/local/etc/openldap/tls/server.pem
    TLSCertificateKeyFile /usr/local/etc/openldap/tls/server.pem
    TLSCACertificateFile /usr/local/etc/opendldap/tls/server.pem
    TLSVerifyClient never

Then I restarted slapd (/usr/local/etc/rc.d/slapd stop, start), and in my /var/log/debug.log I have:

    Jul 2 12:18:39 labobe2 slapd[97816]: main: TLS init def ctx failed: -1
    Jul 2 12:18:39 labobe2 slapd[97816]: slapd destroy: freeing system resources.
    Jul 2 12:18:39 labobe2 slapd[97816]: syncinfo_free: rid=001
    Jul 2 12:18:39 labobe2 slapd[97816]: slapd stopped.

I use FreeBSD 7. If someone can help me, I would appreciate it. Thanks in advance.

Regards,
François

We need to either remove this document from the web site, or remove the part
that tells how to create a self-signed server cert. Anyone deploying TLS with
their own certs should be creating their own CA separately from their server
certs. And telling folks to create cert files where the private key is
included in the same file is utterly irresponsible.
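
A check for the points raised in this thread, as an added example that is not part of the original messages or of OpenLDAP. It reads the three TLS file directives from a slapd.conf and reports paths that do not resolve to a readable file, a private key stored in the certificate file, a CA file that is the server certificate itself, and a key file accessible to group or others. The function name and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the TLS file directives of a slapd.conf.
# Prints one finding per line; returns 1 if anything was found, else 0.
# Assumes unquoted paths without spaces or colons.
check_slapd_tls() {
    conf=$1 found=0
    # Last value given for a directive (names compared case-insensitively).
    get() { awk -v d="$1" 'tolower($1) == tolower(d) { p = $2 } END { print p }' "$conf"; }
    cert=$(get TLSCertificateFile)
    key=$(get TLSCertificateKeyFile)
    ca=$(get TLSCACertificateFile)

    # Every configured path must resolve to a readable file.
    for pair in "TLSCertificateFile:$cert" "TLSCertificateKeyFile:$key" \
                "TLSCACertificateFile:$ca"; do
        path=${pair#*:}
        if [ -n "$path" ] && [ ! -r "$path" ]; then
            echo "UNREADABLE ${pair%%:*} $path"; found=1
        fi
    done
    # Certificates are public; a file holding one must not also hold the key.
    if [ -r "$cert" ] && grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "KEY_IN_CERT_FILE $cert"; found=1
    fi
    # The trust anchor should be a separate CA, not the server certificate.
    if [ -n "$ca" ] && [ "$ca" = "$cert" ]; then
        echo "CA_IS_SERVER_CERT $ca"; found=1
    fi
    # The key file should be accessible to its owner only.
    if [ -r "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "KEY_PERMS_TOO_OPEN $key"; found=1
    fi
    return "$found"
}

# Run against a file named on the command line, e.g.: sh check.sh slapd.conf
if [ -n "${1:-}" ]; then check_slapd_tls "$1"; fi
```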