Solved Openldap TLS: could not use certificate

Treebranch


I am trying to set up openldap to use TLS with openssl. After following the instructions at https://www.freebsd.org/doc/handbook/network-ldap.html and fixing the permissions issues, I ran into this:
Code:
TLS: could not use certificate `/usr/local/etc/openldap/certs/cert.csr'.
TLS: error:0909006C: PEM routines:get_name:no start line /usr/src/crypto/openssl/crypto/pem/pem_lib.c:745
TLS: error:140AD009:SSL routines:SSL_CTX_use_certificate_file: PEM lib /usr/src/crypto/openssl/ssl/ssl_rsa.c:406
5d1b99ea main: TLS init def ctx failed: -1
5d1b99ea slapd destroy: freeing system resources.
5d1b99ea slapd stopped.
5d1b99ea connections_destroy: nothing to destroy.
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
I have searched around the forum and abroad with no luck. Does anyone know what could be causing this?

Thanks!
 

SirDice


Code:
TLS: could not use certificate `/usr/local/etc/openldap/certs/cert.csr'
This is your certificate request, not the certificate. This request file needs to be signed by a CA. The resulting crt file is the certificate you need to load here. Once the certificate is signed, the certificate request file (*.csr) is pretty much useless and can be thrown away.
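
The mix-up in this thread can be caught before slapd is started, because the PEM label on the first line of a file says what it holds: a request begins with `-----BEGIN CERTIFICATE REQUEST-----`, and OpenSSL's "no start line" error means it found no `-----BEGIN CERTIFICATE-----` line. The script below is an added example, not part of the original thread; the function names and sample files are constructed for illustration, and it assumes each directive and its path are unquoted and separated by whitespace.

```shell
#!/bin/sh
# Added example: verify that each slapd TLS file directive points at the
# right kind of PEM object (certificate vs. request vs. private key).

# Print the label of the first PEM block in file $1, e.g. "CERTIFICATE REQUEST".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1
}

# Return 0 if PEM label $2 is a usual one for slapd.conf directive $1.
label_ok() {
    case "$1:$2" in
        TLSCertificateFile:CERTIFICATE|TLSCACertificateFile:CERTIFICATE) return 0 ;;
        TLSCertificateKeyFile:"PRIVATE KEY") return 0 ;;
        TLSCertificateKeyFile:"RSA PRIVATE KEY"|TLSCertificateKeyFile:"EC PRIVATE KEY") return 0 ;;
    esac
    return 1
}

# Scan slapd.conf-style file $1; report every TLS file directive, return 1 on any mismatch.
check_slapd_tls() {
    rc=0
    while read -r directive path rest; do
        case "$directive" in
            TLSCertificateFile|TLSCertificateKeyFile|TLSCACertificateFile) ;;
            *) continue ;;   # comments and unrelated directives
        esac
        label=$(pem_label "$path")
        if label_ok "$directive" "$label"; then
            echo "OK   $directive $path ($label)"
        else
            echo "FAIL $directive $path (found: ${label:-no PEM block})"
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample in directory $1 (placeholder bodies, not real key material):
# the config points TLSCertificateFile at the request, as in the thread.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE REQUEST-----' > "$1/cert.csr"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$1/cert.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----' > "$1/private.key"
    printf '%s\n' "TLSCertificateFile $1/cert.csr" "TLSCertificateKeyFile $1/private.key" > "$1/slapd.conf"
}
```

Run `check_slapd_tls` against your own slapd.conf; it only inspects PEM labels, so it does not replace checking that the signed certificate actually matches the private key.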
 