Just this morning, I was setting up TLS on a LDAP host, but
refused to start afterwards with a bizarre error message:
TLS init def ctx failed: -207
The key and certificate was freshly generated using
openssl on my
laptop (running wheezy, so OpenSSL 1.0.0d-3). After a bit of
googling, I discovered that -207 is gnutls-esque for “Base64 error”.
Of course, the key looks just fine and decodes fine using
openssl base64 and even gnutls’s own
certtool also spits out what it considers the right base64
version of the key and I noticed it differed. Using the one
certtool output seems to work, though, so if you ever run into this
problem try running the key through
certtool --infile foo.pem -k and
use the base64 representation it outputs.