Yes, the openldap rpm was just updated, but it did not take effect until the slapd deamon was restarted. I have not explicitly tried to use the Mozilla NSS database, I did not use the TLSCADIR(?) attribute and instead used: olcTLSCertificateFile , olcTLSCertificateKeyFile, and olcTLSCACertificateFile.
I will look into that bug and the documentation you pointed me at. Thanks Eric Falbe On Thu, Mar 6, 2014 at 5:29 PM, Terje Trane <[email protected]> wrote: > On 05.03.2014 22:27, Eric Falbe wrote: > >> I have attempted to rebuild the database backend (with slapcat and >> slapadd), but am still getting this same error. I have my ssl >> (self-signed) certificates located in /etc/pki/tls/certs/ldap.cassens.com.pem >> /etc/pki/tls/tls/certa/ca.pem /etc/pki/tls/private/ldap. >> cassens.comKey.pem >> >> These certificates worked fine up untill today, does anyone have any >> insight on where to look to being troubleshooting this issue? >> > > Just a guess, but was the openldap rpm just updated? (or the service just > restarted for the first time after a previous update). > > Could this be related to RedHat/CentOS rpms deciding to start using GnuTLS > instead of OpenSSL? Try searching in their bug databases. > > E.g.: https://bugzilla.redhat.com/show_bug.cgi?id=707599 > > --- > This email is free from viruses and malware because avast! Antivirus > protection is active. > http://www.avast.com > >
