  • Thanks Nick.

    Yes, there's no other error message. Just changing the certificates in my slapd.conf causes this error:



    I was able to create my keyfile using, as you said, the rsa option.

  • Arnaud Forster wrote:

    Ok, so I'm gonna try to copy and rename it.

    Here was the error message I get when trying to convert my key file:

    [root@master certificate_manager.d]# openssl x509 -text -outform der -in GFBienne.key -out GFBienne-key.pem
    unable to load certificate
    140612166498192:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
    [root@master certificate_manager.d]# ls -l
    Use "rsa" and not "x509" for keys.

    You'd have to find out why slapd failed to start. There is no clue in the message you posted. Did you remember to make the user ldap a member of ssl-certs?

  • Ok, I was able to convert / rename my certificates but my ldap server refuses them ...

    ...


    Process: 9003 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
    Process: 8975 ExecStartPre=/usr/libexec/openldap/prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 30479 (code=exited, status=0/SUCCESS)

    avril 06 11:40:33 master.gfb.lan prestart.sh[8975]: Configuration directory '/etc/openldap/slapd.d' does not exist.
    avril 06 11:40:33 master.gfb.lan prestart.sh[8975]: Warning: Usage of a configuration file is obsolete!
    avril 06 11:40:33 master.gfb.lan runuser[8979]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
    avril 06 11:40:33 master.gfb.lan runuser[8979]: pam_unix(runuser:session): session closed for user ldap
    avril 06 11:40:33 master.gfb.lan slapd[9003]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 11 2019 15:35:58) $
    root@build-x86_64-1.orem.clearos.com:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
    avril 06 11:40:33 master.gfb.lan systemd[1]: slapd.service: control process exited, code=exited status=1

  • Ok, so I'm gonna try to copy and rename it.

    Here was the error message I get when trying to convert my key file:

    [root@master certificate_manager.d]# openssl x509 -text -outform der -in GFBienne.key -out GFBienne-key.pem
    unable to load certificate
    140612166498192:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
    [root@master certificate_manager.d]# ls -l

  • Did slapd give an error? I think you can just rename the certificates.

    Note that if you're using Let's Encrypt certificates you won't want to go through the Import Certificate route as it cannot be automated for every time the Let's Encrypt certificate updates. You'll want to do something like rsync them across from the originating server. Then have the receiving server watch for new certificates being received, move them into place and restart slapd.

  • Hello Nick,
    Yes, thanks for that, I found the file ... but next problem ... it seems slapd uses .pem certificates and mine are crt, intermediate and .key ones. I successfully converted my .cert and my .intermediate to .pem certificates but no way for the .key one.

    I'll look for that .key file to be converted; if I can't, I'll use the CA certificate.

    I'll come back with the details.
    Thanks

  • I am not sure that you need to. Generally, I believe, you can just import the ClearOS CA into the third party apps.

    If you do want to use Let's Encrypt certificates, have a look at the Let's Encrypt howto and adapt one of the cyrus-imap or smtp/postfix methods. The file you need to edit is probably /etc/openldap/slapd.conf where there are three PEM entries. Guessing, but TLSCACertificateFile must point to the CA bundle (/etc/pki/tls/certs/ca-bundle.crt), TLSCertificateFile to your fullchain file and TLSCertificateKeyFile to your key file. When you get it all working and have confirmed it is working with your third-party app, please post back with the details and I'll add it to the howto.
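
An added example, not part of any post in this thread: a shell pre-flight check for the three TLS directives named in the reply above. It flags a directive that points at the wrong kind of PEM file (the mix-up behind the `openssl x509` error on a key file) or at a file the current user cannot read. The function names, the header-only sample files and the simple `Directive /path` parsing are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: check that each TLS directive in a
# slapd.conf points at a readable PEM file of the right kind.

# Classify a file by its first PEM header line.
pem_kind() {
    local header
    header=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null) || { echo not-pem; return 0; }
    case "$header" in
        *"PRIVATE KEY-----") echo private-key ;;  # handle with "openssl rsa"
        *"CERTIFICATE-----") echo certificate ;;  # handle with "openssl x509"
        *)                   echo other ;;
    esac
}

# Print one finding per directive; return 1 if any directive has a problem.
check_slapd_tls() {
    local conf="$1" rc=0 directive want path kind
    for directive in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        want=certificate
        if [ "$directive" = TLSCertificateKeyFile ]; then want=private-key; fi
        # Assumes the simple "Directive /path" form with no quoting.
        path=$(awk -v d="$directive" 'tolower($1) == tolower(d) { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$directive: not set"; rc=1
        elif [ ! -r "$path" ]; then
            echo "$directive: $path is not readable by $(id -un)"; rc=1
        elif kind=$(pem_kind "$path"); [ "$kind" = "$want" ]; then
            echo "$directive: ok ($kind)"
        else
            echo "$directive: expected $want, found $kind"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (header-only stand-in files): the key directive is
# wrongly pointed at a certificate, so the third finding is a mismatch.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/fullchain.pem"
    printf 'TLSCACertificateFile %s\nTLSCertificateFile %s\nTLSCertificateKeyFile %s\n' \
        "$d/fullchain.pem" "$d/fullchain.pem" "$d/fullchain.pem" > "$d/slapd.conf"
    check_slapd_tls "$d/slapd.conf" || rc=1
    rm -rf "$d"
    return "$rc"
}
```

Call `check_slapd_tls /etc/openldap/slapd.conf` as the ldap user so the readability test reflects what slapd sees. The check only inspects PEM headers and does not verify that the key matches the certificate.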