[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: RE: TLS error on startup
From: Yan Gong <yan () fabric ! com>
Date: 2012-09-26 12:12:07
Message-ID: 004701cd9be0$94bac4a0$be304de0$ () fabric ! com
[Download RAW message or body]
["attachment.htm" (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" \
CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 \
(filtered medium)"><style><!-- /* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div \
class=WordSection1><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Brian:<o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Check the \
permission of your cert and key files.<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks a \
lot!<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Yan \
<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p></div><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div \
style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p \
class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> \
openldap-technical-bounces@OpenLDAP.org \
[mailto:openldap-technical-bounces@OpenLDAP.org] <b>On Behalf Of </b>Brian \
Empson<br><b>Sent:</b> Tuesday, September 25, 2012 9:20 PM<br><b>To:</b> \
openldap-technical@openldap.org<br><b>Subject:</b> TLS error on \
startup<o:p></o:p></span></p></div></div><p \
class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal \
style='margin-bottom:12.0pt;background:white'><span \
style='color:black'>Hello,<br><br>I'm having an issue starting up slapd with TLS \
enabled. I tried to search for the error code but I couldn't find any GnuTLS error \
codes that match. Here are the log entries that appear:<br><br>Sep 25 21:07:05 dir0 \
slapd[15018]: main: TLS init def ctx failed: -1<br>Sep 25 21:07:05 dir0 slapd[15018]: \
DIGEST-MD5 common mech free<br>Sep 25 21:07:05 dir0 slapd[15018]: slapd \
stopped.<br>Sep 25 21:07:05 dir0 slapd[15018]: connections_destroy: nothing to \
destroy.<br><br>Is there a way to check and see if this build is enabled with TLS \
support? I installed it from a package manager rather than compiling it. Here are the \
TLS portions of the config:<br><br># SSL<br>TLSCipherSuite \
HIGH:MEDIUM:+SSLv2<br>TLSCACertificateFile \
/etc/ssl/ca.pem<br>TLSCertificateFile \
/etc/openldap/ssl/server.pem<br>TLSCertificateKeyFile \
/etc/openldap/ssl/server.key<br>TLSVerifyClient demand<br><br>Here are the files \
listed: (I changed the permissions during troubleshooting)<br><br>[09/25/12 \
9:16PM][root@dir0 /etc/openldap]# ls -lah ssl<br>total 12<br>drw------- 2 \
_openldap _openldap 512B Sep 25 19:59 .<br>drwxr-xr-x 4 \
root wheel \
512B Sep 25 19:54 ..<br>-rwxrwxrwx 1 _openldap \
_openldap 3B Sep 25 20:08 digits.srl<br>-rwxrwxrwx 1 \
_openldap _openldap 887B Sep 25 19:56 \
server.key<br>-rwxrwxrwx 1 _openldap _openldap 904B Sep 25 \
20:08 server.pem<br>-rwxrwxrwx 1 _openldap _openldap 684B Sep \
25 19:57 server.req<br><br>[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah \
/etc/ssl<br>total 170<br>drwxr-xr-x 4 root wheel 512B \
Sep 25 19:52 .<br>drwxr-xr-x 27 root wheel 2.5K Sep 24 20:50 \
..<br>-rw-r--r-- 1 root wheel 912B Sep 23 16:30 \
ca.crt<br>-rw-r--r-- 1 root wheel 912B Sep 25 19:52 \
ca.pem<br>-rw-r--r-- 1 root wheel 17B Sep 23 \
17:51 ca.srl<br>-r--r--r-- 1 root bin 147K \
Feb 12 2012 cert.pem<br>drwxr-xr-x 2 root wheel \
512B Feb 12 2012 lib<br>-r--r--r-- 1 root \
bin 1.6K Feb 12 2012 \
openssl.cnf<br>drwx------ 2 root wheel 512B Sep 23 \
16:29 private<br>-rw-r--r-- 1 root wheel 1.0K Sep 25 \
19:52 privkey.pem<br>-r--r--r-- 1 root bin 1005B \
Feb 12 2012 x509v3.cnf<br><br>Is this an issue with the build I'm running? (SSL \
not enabled or?) <br><br>Thanks!<br>Brian<o:p></o:p></span></p><div><p \
class=MsoNormal style='background:white'><span \
style='color:black'><o:p> </o:p></span></p></div></div></div></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic