
List:       openldap-technical
Subject:    Re: SSL certificate install
From:       Howard Chu <hyc () symas ! com>
Date:       2023-12-14 9:46:18
Message-ID: ac27d9cc-a936-a427-b482-ae7380b8c944 () symas ! com

Stefan Kania wrote:
> Syntax error? Open your file with vi and do a "set: list" and you will see
> additional blanks and tabstops.
> 
> On 13.12.23 at 14:28, Jean-Luc Chandezon wrote:
> > > 
> > > You are missing "changetype: modify"
> > > 
> > > this is how it should look
> > > -------------
> > > dn: cn=config
> > > changetype: modify
> > > add: olcTLSCertificateFile
> > > olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
> > > -
> > > add: olcTLSCertificateKeyFile
> > > olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
> > > -
> > > add: olcTLSCACertificateFile
> > > olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
> > > 
> > > -------------
> > > Stefan
> > > 
> > 
> > Thank you Stefan!
> > Sorry for the mistake due to last changes.
> > 
> > Our ldf file content is:
> > 
> > dn: cn=config
> > changetype: modify
> > add: olcTLSCACertificateFile
> > olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
> > -
> > add: olcTLSCertificateKeyFile
> > olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
> > -
> > add: olcTLSCertificateFile
> > olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
> > 
> > 
> > with the request:
> > ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/01-SSL.ldif
> > result:
> > modifying entry "cn=config"
> > ldap_modify: Other (e.g., implementation specific) error (80)
> > 
> > Any idea?
> > 
> > Please find log content below
> > 
> > 023-12-13T14:26:31.500282+01:00 bea-chicago slapd[63531]: #011#011one value, length 33
> > 2023-12-13T14:26:31.500380+01:00 bea-chicago slapd[63531]: #011add: olcTLSCertificateKeyFile
> > 2023-12-13T14:26:31.500452+01:00 bea-chicago slapd[63531]: #011#011one value, length 37

As always - set a higher debug level and examine the debug output. Not the syslog
output. syslog is for recording routine operation, not for isolating problems. Use
the debug output for troubleshooting.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
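
A pre-flight check for the two LDIF faults raised earlier in this thread (modification lines with no changetype line, and stray trailing blanks or tabs), as an added example that is not part of any poster's message. The function names `lint_ldif` and `sample_ldif` and the sample path are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an ldapmodify change file before sending it to slapd.
# lint_ldif FILE prints one finding per line; status 0 = clean, 1 = findings.
lint_ldif() {
    awk '
        function end_record() {
            # The fault pointed out in the thread: add:/replace:/delete:
            # lines in a record that has no changetype line.
            if (has_mod && !has_changetype) {
                printf "line %d: change record has no changetype line\n", dn_line
                bad = 1
            }
            dn_line = 0; has_mod = 0; has_changetype = 0
        }
        # Trailing blanks, tabs or a CR are invisible in most editors.
        /[ \t\r]+$/ {
            printf "line %d: trailing whitespace\n", NR
            bad = 1
        }
        /^[ \t\r]*$/ { end_record(); next }   # blank line closes the record
        /^dn:/ { dn_line = NR }
        /^changetype:/ { has_changetype = 1 }
        /^(add|replace|delete):/ { has_mod = 1 }
        END { end_record(); exit bad }
    ' "$1"
}

# Constructed sample: no changetype line, and a space plus tab after the path.
sample_ldif() {
    printf 'dn: cn=config\n'
    printf 'add: olcTLSCACertificateFile\n'
    printf 'olcTLSCACertificateFile: /etc/ssl/certs/example-ca.pem \t\n'
}

tmp=$(mktemp)
sample_ldif > "$tmp"
lint_ldif "$tmp" || echo "fix the findings above before running ldapmodify"
rm -f "$tmp"
```
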

