I'm trying to implement SSL to my OpenLDAP installation on CentOS 7 and can't seem to get the right certificates in the correct fields. I'm a little confused by the issuers naming conventions. I'm sure this is an LDAP + SSL newbie question :)
Self signed certs are named as follows
server.key
server.crt
server.csr
The issuer has provided me with
AddTrustExternalCARoot.crt
SAAddTrustCA.crt
SADomainValidationSecureServerCA.crt
my_domain_name.crt
In my mod_ssl.ldif I have
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/SADomainValidationSecureServerCA.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/AddTrustExternalCARoot.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
I've tried several combinations of this without success. I'm sure it's something simple I'm overlooking here. When running
# slapd -d -1
I get the following output, which I'm sure means something along the lines of bad/mismatched key
55d22d8e connection_get(15)
55d22d8e connection_get(15): got connid=1000
55d22d8e connection_read(15): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 16 03 03 00 cf 01 00 00 ........
55d22d8e ber_get_next on fd 15 failed errno=34 (Numerical result out of range)
55d22d8e connection_read(15): input error=-2 id=1000, closing.
55d22d8e connection_closing: readying conn=1000 sd=15 for close
Any help is greatly appreciated!
