[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: about TLS and Openldap ...

To: Johann Botha <joe@frogfoot.net>
Subject: Re: about TLS and Openldap ...
From: Susanne Benkert <benkerts@emt.iis.fhg.de>
Date: Fri, 21 Dec 2001 12:03:15 +0100
Cc: openldap-software@OpenLDAP.org
References: <B0000688802@professeur3.enic.fr> <3C21BCBC.3040201@emt.iis.fhg.de> <20011220141954.D664@thinknow.de> <3C22FD1F.8050102@emt.iis.fhg.de> <20011221103138.GB29742@blue.frogfoot.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120

Hi Johann,


Johann Botha wrote:

a problem i had with getting ldaps running was that my SSL cert was not
created with the correct hostname.

when you create the SSL cert, make sure your forward,reverse lookups match
the Common Name value you give:

openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 0

Common Name (eg, YOUR name) []: myserver.mydomain.com

I'm quite sure I did so, because had the same problem some time ago and nothing worked (not even start_tls) but after changing the CN start_TLS worked.

Thanks for your reply.
Susanne

References:
- SASL authentication and simple bind
  - From: Jacques Landru <landru@enic.fr>
- about TLS and Openldap ...
  - From: Susanne Benkert <benkerts@emt.iis.fhg.de>
- Re: about TLS and Openldap ...
  - From: Waldemar Brodkorb <waldemar@thinknow.de>
- Re: about TLS and Openldap ...
  - From: Susanne Benkert <benkerts@emt.iis.fhg.de>
- Re: about TLS and Openldap ...
  - From: Johann Botha <joe@frogfoot.net>

Prev by Date: Re: about TLS and Openldap ...
Next by Date: RE: old objectclass format not supported
Index(es):
- Chronological
- Thread