Configuring OpenLDAP for TLS on FreeBSD 12

Gerard · November 4, 2019, 2:48pm

My operating system is: FreeBSD 12

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

I am trying to configure OpenLDAP on a FreeBSD 12 machine. According to the directions from FreeBSD, I need to enter this information into the ‘slapd.conf’ file:

security ssf=128
TLSCertificateFile /path/to/your/cert.crt
TLSCertificateKeyFile /path/to/your/cert.key
TLSCACertificateFile /path/to/your/cacert.crt

Mt question is, what files am I supposed to use? I have a ‘cert.pem’, a ‘chain.pem’, a ‘fullchain.pem’ and a ‘privkey.pem’ located in my letsencrypt directory. I am not sure what keys translate to the ones requested?

Thanks!

JuergenAuer · November 4, 2019, 2:54pm

Hi @Gerard

that should work:

cert.crt -> cert.pem
cert.key -> privkey.pem
cacert.crt -> chain.pem

fullchain.pem contains cert.pem and chain.pem, so it’s not required.

Phil_LE · November 4, 2019, 2:57pm

Hi @Gerard,

Here’s a doc that may help.

Gerard · November 4, 2019, 3:01pm

I am getting a:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

I will try again later.

Phil_LE · November 4, 2019, 3:11pm

Me too now. It turns out that about 3 requests killed that website.

Have you tried a config like this?

TLSCACertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
TLSCertificateFile /etc/letsencrypt/live/example.com/cert.pem
TLSCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

According to https://wiki.archlinux.org/index.php/OpenLDAP#Configure_slapd_for_SSL you’ll need to grant privileges for the system ldap user.

system · December 4, 2019, 3:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.