
Re: Some TLS questions



Jean-Rene Cormier wrote:
Hi, I'm currently setting up a new OpenLDAP 2.1.29 server on FC2 and I
had some questions about TLS. I've set it up using a self signed CA and
it works when I do a simple bind (with the -ZZ option) using the FQDN, but
if I use the IP address I get this error message:

ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate

Is there a way I can create the certificate so I can connect to the
server using different hostnames so I could use CNAMEs to make
openldap.mydomain.com point to hostname.mydomain.com?

Also this is not really specific to OpenLDAP and more of a generic
SSL/TLS question but if you have different services running on one
server do you use the same certificate/private key for both services or
do you create a new one? If you create a new one, can you use the same
CN for both certificates?

I'm sorry for being off-topic here but if someone could point me to some
info or a better mailing list for this I would really appreciate it.

TIA


http://www.openldap.org/faq/data/cache/185.html

"RFC 2830 also specifies a means for additional names to be set in a certificate...."

Dave
--
Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
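The matching rules the FAQ entry and RFC 2830 (section 3.6) describe can be shown with a small checker. This is an added example, not code from the thread or from OpenLDAP: it takes a certificate in the dict layout that Python's ssl.getpeercert() returns (the two certificates below are constructed, with the example names from the question and the documentation address 192.0.2.10), and applies the rules from the RFC: compare the name the client actually used, prefer dNSName entries in subjectAltName when present, match case-insensitively, allow "*" only in the left-most label, and fall back to the CN only when there are no dNSName entries. Treating an IP literal as matching only an iPAddress SAN entry is current practice (RFC 6125 / RFC 5280 style) and is an assumption of this example, not something the thread states about OpenLDAP 2.1.29.

```python
import ipaddress

# Constructed certificate, in the layout ssl.getpeercert() produces: one CN plus
# a subjectAltName carrying both hostnames and the server's address. This is the
# shape of certificate that makes the CNAME scenario from the question work.
CERT_SAN = {
    "subject": ((("commonName", "hostname.mydomain.com"),),),
    "subjectAltName": (
        ("DNS", "hostname.mydomain.com"),
        ("DNS", "openldap.mydomain.com"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed certificate with only a CN, i.e. the one that produced the error
# "hostname does not match CN in peer certificate" for any other name.
CERT_CN_ONLY = {
    "subject": ((("commonName", "hostname.mydomain.com"),),),
}


def _dns_match(pattern, hostname):
    """RFC 2830 3.6 name comparison: case-insensitive, '*' only as the
    left-most label, same number of labels on both sides."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if any("*" in label for label in p_labels[1:]):
        return False  # a wildcard anywhere but the left-most label is rejected
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_hostname(cert, reference):
    """Return (ok, reason) for the name or IP literal the client connected with.

    The reference identity must be what the client used to open the
    connection, never the canonical name a CNAME resolves to."""
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None
    san = cert.get("subjectAltName", ())

    if ip is not None:
        # An IP literal is never compared against dNSName or CN text; it can
        # only be satisfied by an iPAddress SAN entry (assumption: modern rule).
        for kind, value in san:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "matched iPAddress SAN %s" % value
        return False, "no iPAddress SAN entry for %s" % reference

    dns_names = [value for kind, value in san if kind == "DNS"]
    if dns_names:
        # dNSName entries are the identity source whenever they exist; the CN
        # is not consulted as a fallback in that case.
        for name in dns_names:
            if _dns_match(name, reference):
                return True, "matched dNSName SAN %s" % name
        return False, "hostname does not match any dNSName SAN"

    # No subjectAltName dNSName entries: compare against the most specific CN.
    cns = [value for rdn in cert.get("subject", ())
           for kind, value in rdn if kind == "commonName"]
    if cns and _dns_match(cns[-1], reference):
        return True, "matched CN %s" % cns[-1]
    return False, "hostname does not match CN in peer certificate"


if __name__ == "__main__":
    for cert_name, cert in (("SAN cert", CERT_SAN), ("CN-only cert", CERT_CN_ONLY)):
        for ref in ("hostname.mydomain.com", "openldap.mydomain.com", "192.0.2.10"):
            ok, reason = check_hostname(cert, ref)
            print("%-12s %-24s %-5s %s" % (cert_name, ref, ok, reason))
```

Run stand-alone, the table makes the point of Dave's reply concrete: with the CN-only certificate only hostname.mydomain.com passes, while the certificate carrying subjectAltName entries accepts the CNAME and the IP address as well. For the second question in the thread the same mechanism applies: one certificate listing every name a host is reached by in its subjectAltName can serve several services on that host, and it is the listed names, not the CN, that clients compare against. With OpenSSL such entries are added through the `subjectAltName` extension (values of the form `DNS:name` and `IP:address`) when the certificate request is generated.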