
TLS could not load verify location

Pursuing my long journey on ldap tricky tracks, I've met another sphinx... maybe
someone could help find the right answer...

I've tried to set up the TLS protocol on my OpenLdap 2.29 version (Windows). At the
moment, I work on my own machine.
With OpenSSL, I've issued a CA certificate, and a certificate for my server too
(with the cn=localhost:389).

Then I've put the lines in my slapd.conf:
TLSVerifyClient never
TLSCACertificateFile "./../Openssl/bin/autre/cacert.pem"
TLSCertificateFile "./../Openssl/bin/autre/certs/ldapservercert.pem"
TLSCertificateKeyFile "./../Openssl/bin/autre/certs/ldapserverkey.pem"
TLS: could not load verify locations (file:`"./../Openssl/bin/autre/cacert.pem"'

and in my ldap.conf:
URI ldap://localhost:389
TLS_CACERT      "./../Openssl/bin/autre/cacert.pem"
TLS_REQCERT     demand

The thing is that when I run slapd, everything seems fine but when I try
something like:

ldapsearch -x -w admin -D "cn=admin,dc=ariane,dc=net"
-b "dc=ariane,dc=net" "(uid=rdupont)" -ZZ -d -1

I got an error:

TLS: error:02001003:system library:fopen:No such process bss_file.c:122
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:125
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
ldap_start_tls: Connect error (-11)

However, this file exists (it is recognized by the slapd.conf). So I really don't
know what happened. I've tried to regenerate the CA and I've checked the path, but it
didn't work. As far as I understand it, "the fully qualified domain name of the
server" is in my case the "cn=localhost:389" in the server certificate form.
So does someone have a clue about what happened?

Thanks a lot.
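One check worth running on the post above, as an added example that is not part of the original message: the `-d -1` output prints the CA path inside backticks with the double quotes still attached, and libldap reads ldap.conf values verbatim (unlike slapd.conf, it does not strip quotes), while relative paths resolve against the directory ldapsearch is started from, not slapd's. The script below parses ldap.conf-style `TLS_*` directives the same way and reports whether each file is reachable; the directory layout and certificate content are constructed for the demonstration.

```python
"""Sanity-check the TLS file paths an OpenLDAP ldap.conf hands to libldap."""
import os
import tempfile

# ldap.conf directives whose value names a file (set chosen for this check).
TLS_FILE_DIRECTIVES = {"TLS_CACERT", "TLS_CERT", "TLS_KEY"}


def parse_tls_paths(conf_text):
    """Return {directive: value} for TLS file directives in ldap.conf text.

    libldap takes the value verbatim after the first whitespace run, so
    surrounding quotes are kept and become part of the filename it opens.
    """
    paths = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() in TLS_FILE_DIRECTIVES:
            paths[parts[0].upper()] = parts[1].strip()
    return paths


def check_path(value, cwd):
    """Classify one path value as libldap would see it from directory `cwd`.

    Relative paths resolve against the client's working directory (the shell
    ldapsearch runs from), which need not be the directory slapd runs from.
    """
    candidate = os.path.normpath(os.path.join(cwd, value))
    if os.path.exists(candidate):
        return "ok"
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        if os.path.exists(os.path.normpath(os.path.join(cwd, value[1:-1]))):
            return "quotes-in-path"  # file exists once the quotes are dropped
    return "missing"


def demo():
    """Constructed reproduction: same CA file, quoted vs unquoted directive."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "autre"))
        with open(os.path.join(root, "autre", "cacert.pem"), "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
        quoted = parse_tls_paths('TLS_CACERT "./autre/cacert.pem"\nTLS_REQCERT demand\n')
        plain = parse_tls_paths("TLS_CACERT ./autre/cacert.pem\n")
        return {"quoted": check_path(quoted["TLS_CACERT"], root),
                "plain": check_path(plain["TLS_CACERT"], root),
                "missing": check_path("./nope/cacert.pem", root)}


if __name__ == "__main__":
    print(demo())
```

Run it from the same directory you launch ldapsearch from, pointing `parse_tls_paths` at your real ldap.conf text, so the relative `./../` prefix is resolved the way the client resolves it.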