List:       openldap-technical
Subject:    Re: SSL certificate install
From:       Howard Chu <hyc () symas ! com>
Date:       2023-12-14 9:46:18
Message-ID: ac27d9cc-a936-a427-b482-ae7380b8c944 () symas ! com

Stefan Kania wrote:
> Syntax error? Open your file with vi and do a "set: list" and you will see additional blanks and tabstops.
> 
> 
> Am 13.12.23 um 14:28 schrieb Jean-Luc Chandezon:
>>>
>>> You are missing "changetype: modify"
>>>
>>> this is how it should look
>>> -------------
>>> dn: cn=config
>>> changetype: modify
>>> add: olcTLSCertificateFile
>>> olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
>>> -
>>> add: olcTLSCertificateKeyFile
>>> olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
>>> -
>>> add: olcTLSCACertificateFile
>>> olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
>>>
>>> -------------
>>> Stefan
>>>
>>
>> Thank you Stefan!
>> Sorry for the mistake due to last changes.
>>
>> Our ldif file content is:
>>
>> dn: cn=config
>> changetype: modify
>> add: olcTLSCACertificateFile
>> olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
>> -
>> add: olcTLSCertificateKeyFile
>> olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
>> -
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
>>
>>
>> with the request:
>> ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/01-SSL.ldif
>>    result:
>> modifying entry "cn=config"
>> ldap_modify: Other (e.g., implementation specific) error (80)
>>
>> Any idea?
>>
>> Please find log content below
>>
>> 023-12-13T14:26:31.500282+01:00 bea-chicago slapd[63531]: #011#011one value, length 33
>> 2023-12-13T14:26:31.500380+01:00 bea-chicago slapd[63531]: #011add: olcTLSCertificateKeyFile
>> 2023-12-13T14:26:31.500452+01:00 bea-chicago slapd[63531]: #011#011one value, length 37

As always - set a higher debug level and examine the debug output. Not the syslog output. syslog is for recording
routine operation, not for isolating problems. Use the debug output for troubleshooting.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
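
Added example, not part of the original thread or of OpenLDAP: a small Python check for the stray blanks and tabs Stefan suggests looking for, plus the "changetype" line he pointed out earlier. The function names and the sample input are assumptions made for illustration; the sample is the LDIF from the thread with three defects injected on purpose.

```python
# Added example: lint an LDIF change record for stray whitespace.
# SAMPLE is constructed: the thread's LDIF with three defects injected.
SAMPLE = (
    "dn: cn=config\n"
    "changetype: modify\n"
    "add: olcTLSCACertificateFile\n"
    "olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem \n"  # trailing blank
    "- \n"                                                            # blank after "-"
    "add: olcTLSCertificateKeyFile\n"
    "olcTLSCertificateKeyFile:\t/etc/ssl/private/annuaire.lexp.fr.key\n"  # tab
    "-\n"
    "add: olcTLSCertificateFile\n"
    "olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem\n"
)


def visible(line):
    """Render a line the way vi's list mode does: tab as ^I, end of line as $."""
    return line.replace("\t", "^I") + "$"


def lint_ldif(text):
    """Return [(line_number, problem)] for a single LDIF change record."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece after the final newline
    findings = []
    for no, line in enumerate(lines, 1):
        if "\t" in line:
            findings.append((no, "tab character"))
        if line != line.rstrip(" \t"):
            findings.append((no, "trailing whitespace"))
    # Stefan's earlier correction: the dn line is followed by a changetype line.
    body = [(n, l.strip()) for n, l in enumerate(lines, 1)
            if l.strip() and not l.startswith("#")]
    if (len(body) > 1 and body[0][1].lower().startswith("dn:")
            and not body[1][1].lower().startswith("changetype:")):
        findings.append((body[1][0], "missing changetype line after dn"))
    return findings


if __name__ == "__main__":
    rows = SAMPLE.split("\n")
    for no, problem in lint_ldif(SAMPLE):
        print(f"line {no}: {problem}: {visible(rows[no - 1])}")
```

A clean file produces no findings; this only rules out the formatting causes raised in the thread and does not replace the slapd debug output Howard recommends.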