I am running a samba/ldap server with openldap 2.3 and CentOS 5.2. I have got a fully functional, replicating, ldap environment which I am trying to secure with TLS. I have very probably read every how-to for ldap and TLS on the internet but I can't seem to get it to work correctly. I have created a CA, server certificate, signed it, and I've used the make-dummy-cert self-signed certificate, etc. I've tried a dozen different ways. When I run authconfig-tui and change my authentication to use TLS, I get the error message Error:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE and it quits working.
So - can anyone instruct me on how to make this work correctly? Also - can anyone explain to me how the certificates work with multiple servers? Do I need a separate certificate for each server? Any information will be helpful - thanks.