Sorry for the naive headline.

I have run into massive problems on all of my FreeBSD 10.0-CURRENT driven boxes. PostgreSQL rejects accessing OpenLDAP via SSL, and all clients accessing the database and authenticating users via an SSL/TLS secured connection to OpenLDAP refuse to work. This includes some very important facilities like textproc/refdb, databases/pgadmin3, www/mediawiki.

More scary: I tried to generate new SSL certificates for our small network. We have used small scripts for that task since FreeBSD 8.0. Creating a new CA certificate works fine, including creating new certificates for clients based on the new CA.

Well, what worked half a year ago doesn't anymore, and I have no clue what goes wrong.

I created a set of new CA, key and host certificate (self signed, of course) for OpenLDAP. Using the CA and key/cert from backup - created with the same conf and scripts on FBSD 8/9 that I now use on FBSD 10 - goes "smooth", but fails starting the OpenLDAP server. The log output of the server is as follows:

TLS: could not use key file `/usr/local/etc/openldap/certs/server.key'.
TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/x509_cmp.c:406
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd

As far as I can dig from the web, this error code "TLS: error:0B080074:x509 certificate..." is due to mismatching CN names. But why all of a sudden should that be wrong?

Did something significantly change in FreeBSD 10.0-CURRENT these days?

Regards,
Oliver
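Added example, not part of the original post: the log above shows OpenSSL's X509_check_private_key reporting "key values mismatch", a check that compares the public key in the certificate with the one derived from the private key. The shell functions below make the same comparison with the openssl CLI; the function names, the ldap.example.test subject and the temporary files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does a certificate belong to a given private key?
# Compares SHA-256 digests of the DER-encoded public key from each file.

# Digest of the public key embedded in a PEM certificate ($1).
cert_pubkey_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Digest of the public key derived from an unencrypted PEM private key ($1).
key_pubkey_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
pair_matches() {
    c=$(cert_pubkey_digest "$1") || return 2
    k=$(key_pubkey_digest "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed sample data: a self-signed certificate with its key, plus an
# unrelated key standing in for one restored from a different backup.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_files "$d"
    for key in server.key other.key; do
        if pair_matches "$d/server.crt" "$d/$key"; then
            echo "$key: public key matches server.crt"
        else
            echo "$key: key values mismatch (status $?)"
        fi
    done
    rm -rf "$d"
}

demo
```

To check a real installation, call pair_matches with the certificate file slapd is configured to use and /usr/local/etc/openldap/certs/server.key.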