Generating TSL Certificate for Slapd

Discussion in 'HOWTO-Related Questions' started by deco5003, Sep 15, 2011.

  1. deco5003

    deco5003 New Member

    After several attempt to run slapd with TLS Cert, found somebody who told me: “…If you generated them using OpenSSL, you're going to run into problems. Debian switched over to using gnutls a while ago, and it doesn't play nice with OpenSSL certificates”…
    Here are some details my syslog shows:
    tail /var/log/syslog
    Sep 15 12:05:36 dec1 slapd[5664]: @(#) $OpenLDAP: slapd 2.4.11 (Jul 24 2010 08:14:20) $#012#011@murphy:/build/buildd-openldap_2.4.11-1+lenny2-i386-H5BDjb/openldap-2.4.11/debian/build/servers/slapd
    Sep 15 12:05:37 dec1 slapd[5664]: main: TLS init def ctx failed: -1
    Sep 15 12:05:37 dec1 slapd[5664]: slapd stopped.
    Sep 15 12:05:37 dec1 slapd[5664]: connections_destroy: nothing to destroy.
    So I am going to test generating the certs with gnutls certificate generator: certtool.

    By the way does anybody knows how to install the Python-certtool?
  2. Mark_NL

    Mark_NL New Member

    For my ldap setup i used

     openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
    to create the certificates and works just fine.

Share This Page