The document also references port 636 instead of STARTTLS. Considering someone's already tagged it as "obsolete", I vote for removal.
On Thu, Jul 2, 2009 at 4:54 AM, Howard Chu <h...@symas.com> wrote:
> We need to either remove this document from the web site, or remove the
> part that tells how to create a self-signed server cert. Anyone deploying
> TLS with their own certs should be creating their own CA separately from
> their server certs. And telling folks to create cert files where the private
> key is included in the same file is utterly irresponsible.
>
>
> -------- Original Message --------
> Subject: TLS init def ctx failed: -1
> Date: Thu, 2 Jul 2009 12:39:21 +0200
> From: François Mehault <francois.meha...@netplus.fr>
> To: openldap-techni...@openldap.org <openldap-techni...@openldap.org>
>
> Hi all
>
> I contact you because I don't succeed to configure my OpenLDAP with TLS.
>
> First I create self signed certificate server.pem like I read on this
> page http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#5.1.1 in
> /usr/local/etc/openldap/tls.
>
> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
>
> Then I add this line in slapd.conf :
>
> TLSCertificateFile /usr/local/etc/openldap/tls/server.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/tls/server.pem
> TLSCACertificateFile /usr/local/etc/opendldap/tls/server.pem
> TLSVerifyClient never
>
> Then I restart slapd. /usr/local/etc/rc.d/slapd stop , start.
>
> And in my /var/log/debug.log I have
>
> Jul 2 12:18:39 labobe2 slapd[97816]: main: TLS init def ctx failed: -1
> Jul 2 12:18:39 labobe2 slapd[97816]: slapd destroy: freeing system resources.
> Jul 2 12:18:39 labobe2 slapd[97816]: syncinfo_free: rid=001
> Jul 2 12:18:39 labobe2 slapd[97816]: slapd stopped.
>
> I use FreeBSD 7.
>
> If someone can help me, I appreciate, thanks in advance
>
> Regards,
>
> François
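
Howard Chu's two points above (a CA created separately from the server certificate, and the private key kept out of the certificate file), sketched as an added example that is not part of the original thread or of the OpenLDAP documentation. The directory layout, subject names, key size, validity period and helper function names are all assumptions.

```shell
#!/bin/sh
# Added example: separate CA and server credentials for slapd.
# All names, paths and key sizes here are assumptions, not values from the thread.

make_ldap_pki() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    (
        umask 077    # key files are created readable by their owner only
        # 1. CA key + self-signed CA certificate. ca.key stays off the LDAP server.
        #    Relies on the stock openssl.cnf marking "req -x509" output as a CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=Example LDAP CA" \
            -keyout "$dir/ca.key" -out "$dir/ca.pem" || exit 1
        # 2. Server key and signing request, written to separate files.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$dir/server.key" -out "$dir/server.csr" || exit 1
        # 3. The CA signs the request; server.pem holds the certificate only.
        printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
        openssl x509 -req -in "$dir/server.csr" -days 365 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -extfile "$dir/san.ext" -out "$dir/server.pem" || exit 1
        chmod 644 "$dir/ca.pem" "$dir/server.pem"
    )
}

# Succeeds only if the certificate and the key file carry the same public key.
cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds only if the server certificate chains to the CA file.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null
}

# slapd.conf would then point at three different files:
#   TLSCACertificateFile   <dir>/ca.pem
#   TLSCertificateFile     <dir>/server.pem
#   TLSCertificateKeyFile  <dir>/server.key
```

Running the two check functions before restarting slapd confirms that the certificate, key and CA files belong together.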