Re: TLS could not load verify location
Pursuing my long journey on ldap tricky tracks, I've met another sphinx... maybe
someone could help find the right answer...
I've tried to set up the TLS protocol on my OpenLDAP 2.29 version (Windows). At the
moment, I work on my own machine.
With OpenSSL, I've issued a CA certificate, and a certificate for my server too
(with the cn=localhost:389).
Then I've put the lines in my slapd.conf:
TLS: could not load verify locations (file:`"./../Openssl/bin/autre/cacert.pem"'
and in my ldap.conf:
The thing is that when I run slapd, everything seems fine but when I try
ldapsearch -x -w admin -D "cn=admin,dc=ariane,dc=net"
-b "dc=ariane,dc=net" (uid=rdupont) -ZZ -d -1
I got an error:
TLS: error:02001003:system library:fopen:No such process bss_file.c:122
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:125
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
ldap_start_tls: Connect error (-11)
However this file exists (it is recognized by the slapd.conf). So I really don't
know what happened. I've tried to regenerate the CA and I've checked the path but it
didn't work. As far as I understand it, "the fully qualified domain name of the
server" is in my case the "cn=localhost:389" in the server certificate form.
So does someone have a clue about what happened?
No, the file was NOT "recognized by slapd.conf" - you already got a
specific error message telling you that slapd could not load those
files. What makes you think "TLS: could not load verify locations" means
it recognized anything?
You're on Windows. Windows uses a backslash as its directory separator,
not a forward slash. Try fixing your pathnames, because it clearly
*cannot find the files* using the pathnames you've specified at the moment.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
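
An added example, not part of the original thread and not OpenLDAP code: a small Python check that lists the TLS file directives in a slapd.conf or ldap.conf and shows what each configured path resolves to from the directory the program is started in, and whether a readable file is there. The function names, the directive set chosen and the sample configuration are assumptions made for illustration.

```python
import os
import tempfile

# Directives that name certificate files: slapd.conf (server) and ldap.conf (client).
TLS_FILE_DIRECTIVES = {
    "tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile",
    "tls_cacert", "tls_cert", "tls_key",
}

def check_tls_paths(conf_text, cwd):
    """Return one finding per TLS file directive found in conf_text.

    cwd is the directory the process (slapd or ldapsearch) is started from,
    which is what a relative path is resolved against.
    """
    findings = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        name, value = parts[0], parts[1].strip()
        if name.lower() not in TLS_FILE_DIRECTIVES:
            continue
        unquoted = value.strip('"')
        resolved = os.path.normpath(os.path.join(cwd, unquoted))
        findings.append({
            "directive": name,
            "value": value,
            "quoted": value != unquoted,  # value was written with surrounding quotes
            "relative": not os.path.isabs(unquoted),
            "resolved": resolved,
            "readable": os.path.isfile(resolved) and os.access(resolved, os.R_OK),
        })
    return findings

def demo():
    # Constructed sample: one CA file that exists, one relative path that does not.
    with tempfile.TemporaryDirectory() as cwd:
        os.mkdir(os.path.join(cwd, "certs"))
        with open(os.path.join(cwd, "certs", "cacert.pem"), "w") as fh:
            fh.write("placeholder, not a real certificate\n")
        conf = (
            "# constructed sample configuration\n"
            "TLSCACertificateFile certs/cacert.pem\n"
            'TLS_CACERT "./../Openssl/bin/autre/cacert.pem"\n'
        )
        return check_tls_paths(conf, cwd)
```

Run it against the real configuration text with `cwd` set to the directory slapd or ldapsearch is launched from; any finding with `readable` false is a path the TLS library will not be able to open.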