My server is standalone, no firewall
After a update on the 14th, slapd will not start
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `(null)'
tlsmc_intercept_initialization: INFO: certfile = `/etc/openldap/certs/clearos-cert.pem'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/clearos-key.pem'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `(null)'.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `(null)'
tlsmc_intercept_initialization: INFO: certfile = `/etc/openldap/certs/clearos-cert.pem'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/clearos-key.pem'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use key file `/etc/openldap/certs/clearos-key.pem'.
TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch x509_cmp.c:341
5b4d47f4 main: TLS init def ctx failed: -1
5b4d47f4 slapd destroy: freeing system resources.
5b4d47f4 slapd stopped.
5b4d47f4 connections_destroy: nothing to destroy.
when i run
/usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap -d -1
Looks like wrong certs after update.
After a update on the 14th, slapd will not start
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `(null)'
tlsmc_intercept_initialization: INFO: certfile = `/etc/openldap/certs/clearos-cert.pem'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/clearos-key.pem'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `(null)'.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `(null)'
tlsmc_intercept_initialization: INFO: certfile = `/etc/openldap/certs/clearos-cert.pem'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/clearos-key.pem'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use key file `/etc/openldap/certs/clearos-key.pem'.
TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch x509_cmp.c:341
5b4d47f4 main: TLS init def ctx failed: -1
5b4d47f4 slapd destroy: freeing system resources.
5b4d47f4 slapd stopped.
5b4d47f4 connections_destroy: nothing to destroy.
when i run
/usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap -d -1
Looks like wrong certs after update.
Share this post:
Responses (1)
-
Accepted Answer
If you don't need LDAP right now, please can you raise a ticket at clearcenter.com and provide remote login credentials @ https://secure.clearcenter.com/portal/system_password.jsp. Raise the ticket as a general enquiry and they will provide free support. They really want to troubleshoot this one.
If you do need LDAP now, you'll need to downgrade it. Instructions are in this thread.
[edit]
Also from the same thread, there instructions for copying in your system certificates which may work without downgrading LDAP. If it does work, please report back.
[/edit]
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »