Re: openLDAP with let's encrypt SSL certificate
Jonas Kellens wrote:
> I am trying to configure openLDAP on Centos 6.8 with SSL.
Note that OpenLDAP builds on RHEL/CentOS are linked against libnss and
you likely have to deal with certutil to prepare the cert and key DB.
> My /etc/openldap/slapd.conf file has the following lines :
>
> TLSCACertificateFile /etc/letsencrypt/live/slap01.domain.tld/fullchain.pem
> TLSCertificateFile /etc/letsencrypt/live/slap01.domain.tld/cert.pem
> TLSCertificateKeyFile /etc/letsencrypt/live/slap01.domain.tld/privkey.pem
Unfortunately, even though the config directives use the very same
names, they have different meanings when linked against libnss.
Personally I consider this a serious design flaw of the libnss support.
Example (from my memory):
# *directory* with libnss DB files
TLSCACertificatePath /etc/openldap/certs
# key alias used for server key
TLSCertificateFile server-key-alias
# pass-phrase file for using key DB file
TLSCertificateKeyFile /etc/openldap/certs/password
Ciao, Michael.
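The two points made in the reply above, that on RHEL/CentOS the cert and key have to be staged into an NSS DB with certutil, and that the three TLS* directives then take a directory, a nickname and a password file, can be put together in one script. The following is an added example written for this thread, not Michael's or the OpenLDAP project's code. It reuses the paths from the thread (/etc/letsencrypt/live/slap01.domain.tld, /etc/openldap/certs, /etc/openldap/certs/password); the certificate nicknames "slap01" and "LE-chain" and the temporary PKCS#12 path are assumptions. It only prints the plan unless called with --run, so an admin can review the commands before anything is written to the DB.

```shell
#!/bin/sh
# Added example (not from the thread): stage a Let's Encrypt cert/key into
# the NSS DB used by a libnss-linked slapd, then print the matching
# slapd.conf TLS directives for that build.

LE_DIR="${LE_DIR:-/etc/letsencrypt/live/slap01.domain.tld}"  # path from the thread
NSS_DIR="${NSS_DIR:-/etc/openldap/certs}"                    # *directory* of the NSS DB
PWFILE="${PWFILE:-/etc/openldap/certs/password}"             # NSS DB pass-phrase file
NICK="${NICK:-slap01}"        # assumption: nickname given to the server cert+key on import
CA_NICK="${CA_NICK:-LE-chain}" # assumption: nickname for the Let's Encrypt intermediate
P12="${P12:-/tmp/$NICK.p12}"   # assumption: scratch PKCS#12 bundle, removed afterwards

# Print the import plan instead of running it, so it can be reviewed first.
# Every secret (DB password, PKCS#12 password) is read from $PWFILE rather
# than passed on the command line, where it would show up in ps output.
nss_import_plan() {
  cat <<EOF
umask 077
[ -s "$PWFILE" ] || tr -dc A-Za-z0-9 </dev/urandom | head -c 32 >"$PWFILE"
openssl pkcs12 -export -in "$LE_DIR/cert.pem" -inkey "$LE_DIR/privkey.pem" -certfile "$LE_DIR/chain.pem" -name "$NICK" -passout "file:$PWFILE" -out "$P12"
[ -f "$NSS_DIR/cert8.db" ] || [ -f "$NSS_DIR/cert9.db" ] || certutil -N -d "$NSS_DIR" -f "$PWFILE"
pk12util -i "$P12" -d "$NSS_DIR" -k "$PWFILE" -w "$PWFILE"
certutil -A -d "$NSS_DIR" -f "$PWFILE" -n "$CA_NICK" -t "CT,," -i "$LE_DIR/chain.pem"
rm -f "$P12"
certutil -L -d "$NSS_DIR" -f "$PWFILE"
EOF
}

# Run the reviewed plan in a child shell that stops at the first failure.
nss_import_run() {
  nss_import_plan | sh -e
}

# The slapd.conf lines for a libnss build: directory, nickname, password file.
# (On an OpenSSL build the same directives would take PEM file paths instead.)
slapd_tls_config() {
  printf 'TLSCACertificatePath %s\n' "$NSS_DIR"
  printf 'TLSCertificateFile %s\n' "$NICK"
  printf 'TLSCertificateKeyFile %s\n' "$PWFILE"
}

case "${1-}" in
  --plan) nss_import_plan ;;
  --run)  nss_import_run ;;
  --conf) slapd_tls_config ;;
esac
```

Usage: `sh nss-stage.sh --plan` to read the commands, `--run` to execute them as root, `--conf` to print the three directives to paste into slapd.conf (or translate into olcTLS* attributes for cn=config). Because the Let's Encrypt key rotates on every renewal, the same `--run` step belongs in a certbot deploy hook followed by a slapd restart.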