
I am trying to contact the organization's OpenLDAP server over SSL.

I am not sure if I am trying with the correct certificate, but I am using a .pfx file I found.

It is located at C:/cert/mycert.pfx

On my ldap.conf file I have the following:

TLS_REQCERT never
TLS_CACERT C:\\cert\\mycert.pfx

When I try to contact the LDAP server I get the following error:

TLS: could not load verify locations (file:`C:\\CERT\\mycert.pfx',dir:`')

I am not sure why the quotes look like that. Also, the dir is empty, and it looks like it takes the entire string as the filename and not the path.

What am I doing wrong?

Edit: I tried more variations, same error:

TLS_CACERT C:/cert/mycert.pfx,

TLS_CACERT C:\cert\mycert.pfx

pileup
    `I am not sure if I am trying with the correct certificate`. You don't need a certificate. Your LDAP server needs a certificate. Also, a CA certificate is *never* distributed in a PFX. It would be a certificate with only the public key (.CRT). – Greg Askew Jan 01 '23 at 08:23

1 Answer


I am not sure which TLS library you are using on Windows. The section below is from the documentation. You can also try adding the TLS_CACERTDIR <path> parameter to test.

   TLS_CACERT <filename>
          Specifies  the  file  that  contains certificates for all of the
          Certificate Authorities the client will recognize.

   TLS_CACERTDIR <path>
          Specifies the path of  a  directory  that  contains  Certificate
          Authority   certificates   in  separate  individual  files.  The
          TLS_CACERT is always used before TLS_CACERTDIR.  This  parameter
          is ignored with GnuTLS.
asktyagi
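An added worked example, not code from the question or the answer above: TLS_CACERT (with OpenLDAP's OpenSSL backend) must name a PEM-encoded CA certificate, while a .pfx is a PKCS#12 bundle holding a private key, a certificate and optionally the chain, which is why the loader reports "could not load verify locations". The script below constructs a hypothetical CA, server certificate and PFX so it runs offline, extracts only the chain certificates from that PFX into a PEM file, shows that the PFX itself is not parseable as a certificate, and writes a client ldap.conf that verifies the server (TLS_REQCERT demand) instead of the TLS_REQCERT never from the question, which accepts any certificate at all. It requires the openssl command line tool; all names, paths and the password are made up for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Requires the openssl CLI.
# Every name, path and password below is constructed for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Build a throw-away CA, a server certificate signed by it, and a PFX that
# bundles the server key, server cert and CA cert (as a Windows "export with
# chain" would). Hypothetical names only.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null
    openssl pkcs12 -export -passout pass:secret \
        -inkey "$WORK/server.key" -in "$WORK/server.crt" \
        -certfile "$WORK/ca.crt" -out "$WORK/mycert.pfx"
}

# Number of PEM certificates in a file (prints 0 when there are none).
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1" || true
}

# Extract only the chain certificates from a PFX as PEM: -nokeys drops the
# private key (a CA file must never carry one) and -cacerts keeps the
# certificates that are not the end-entity cert. Fails if the PFX has no chain,
# which is the case for an export without the certificate path.
pfx_to_ca_pem() {
    pfx="$1"; out="$2"; pass="$3"
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -cacerts -out "$out"
    [ "$(cert_count "$out")" -gt 0 ]
}

# True when OpenSSL can parse the file as a PEM certificate, the same format
# libldap's verify-location loader expects. The .pfx fails this check.
is_pem_cert() {
    openssl x509 -in "$1" -noout 2>/dev/null
}

# Client config that verifies the server. TLS_REQCERT never (as in the
# question) accepts any certificate, including one presented by a
# man-in-the-middle; demand (the default) rejects a server whose certificate
# does not chain to TLS_CACERT.
write_ldap_conf() {
    conf="$1"; capem="$2"
    cat > "$conf" <<EOF
TLS_REQCERT demand
TLS_CACERT $capem
EOF
}

run_demo() {
    make_sample_pfx
    pfx_to_ca_pem "$WORK/mycert.pfx" "$WORK/ca.pem" secret
    echo "CA certificates extracted: $(cert_count "$WORK/ca.pem")"
    if is_pem_cert "$WORK/mycert.pfx"; then
        echo "unexpected: .pfx parsed as a PEM certificate"
    else
        echo ".pfx is not a PEM certificate, which is why TLS_CACERT rejects it"
    fi
    is_pem_cert "$WORK/ca.pem"
    echo "ca.pem is usable as TLS_CACERT"
    write_ldap_conf "$WORK/ldap.conf" "$WORK/ca.pem"
    cat "$WORK/ldap.conf"
    # Against the real server, point libldap at this file with, for example:
    # LDAPCONF="$WORK/ldap.conf" ldapsearch -H ldaps://ldap.example.test -x -b "" -s base
}

run_demo
```

If pfx_to_ca_pem fails with an empty output, the PFX was exported without its chain and does not contain the CA certificate at all; in that case obtain the CA certificate from the server's operator (or from the server's own chain with `openssl s_client -showcerts`) rather than lowering TLS_REQCERT. On Windows, write the path in ldap.conf with forward slashes and no quotes, pointing at the .pem file, not the .pfx.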