[Fedora-directory-users] Setting up a Debian client for ssl
Richard Megginson
rmeggins at redhat.com
Fri Sep 14 13:41:24 UTC 2007
Steven Jones wrote:
> 8><----
>
> I'm not sure. It says "No such file or directory" - permissions?
> http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
>
>>
> 8><----
>
> I tried changing permissions,
>
> [root at vuwunicvfdsm001 openldap]# ls -l
> total 16
> drwxrwxrwx 2 root root 4096 Sep 14 14:38 cacerts
> -rw-r--r-- 1 root root 320 Aug 24 10:56 ldap.conf
> [root at vuwunicvfdsm001 openldap]# ls -l cacerts/
> total 8
> -rw-r--r-- 1 nobody nobody 619 Sep 14 12:49 5be5959f.0
> -rw-r--r-- 1 nobody nobody 619 Sep 14 14:38 cacert.asc
> [root at vuwunicvfdsm001 openldap]#
>
> no joy,
>
> 8><----
> TLS: could not load verify locations
> (file:`/etc/openldap/cacerts/5be5959f.0',dir:`/etc/openldap/cacerts/').
> TLS: error:02001002:system library:fopen:No such file or directory
> bss_file.c:122
> TLS: error:2006D080:BIO routines:BIO_new_file:no such file
> bss_file.c:125
> TLS: error:0B084002:x509 certificate
> routines:X509_load_cert_crl_file:system lib by_file.c:274
> ldap_perror
> ldap_start_tls: Connect error (-11)
> additional info: Start TLS request accepted.Server willing to
> negotiate SSL.
>
I've had trouble getting TLS_CACERTDIR to work on some platforms. To be
safe, I would use TLS_CACERT instead.
http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070914/ae216b6e/attachment.bin>
More information about the Fedora-directory-users
mailing list