Re: problem with openldap ssl client



On Tuesday 08 July 2008 19:05:05 Sambuddho Chakravarty wrote:

> > > tls_cacertdir /etc/ldap/cacerts
> > > tls_cacertfile /etc/ldap/cacert/cacert.pem
> > > #server IP
> > > uri ldaps://30.0.0.2/
> >
> > What is the subject CN on the certificate the server has?
>
> Subject CN is the server's CN./ST/C/emailAddress/O/OU

I was meaning, you should provide the actual value. If it is not 30.0.0.2, 
your certificate validation should work.

But, if you don't want help, don't post details that people need to help you.

> > So, what do you get if you try something like this:
> >
> > $ openssl s_client -CAfile /etc/ldap/cacerts/cacert.pem -connect 30.0.0.2:636
> >
> > Does the CN attribute in the server certificate you get back match the
> > hostname in the URI?
>
> No. I check this.

No it doesn't match? It does match? Why don't you provide the actual output? 
Or, don't you want help?
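
The comparison the reply asks for (subject CN of the server certificate against the host in the `uri` line), as an added example that is not part of the original message. The function names are hypothetical, the certificate subject lines are constructed sample data, and only the subject CN is compared (subjectAltName is not examined).

```shell
#!/bin/sh
# Added example (not from the thread): does the host in ldap.conf's "uri"
# match the subject CN that "openssl s_client" printed? Inputs are plain text.

# Host part of the first ldap:// or ldaps:// "uri" line (IPv6 literals not handled).
uri_host() {
    printf '%s\n' "$1" |
        sed -n 's|^[[:space:]]*[Uu][Rr][Ii][[:space:]]\{1,\}ldaps\{0,1\}://\([^:/[:space:]]*\).*|\1|p' |
        head -n 1
}

# CN from the first "subject=" line; handles both OpenSSL layouts:
#   subject=/C=XX/.../CN=name/...   and   subject=C = XX, ..., CN = name, ...
subject_cn() {
    printf '%s\n' "$1" |
        sed -n 's|^subject.*[/, =]CN *= *\([^/,]*\).*|\1|p' |
        head -n 1
}

# Print MATCH, MISMATCH or UNKNOWN plus the two values (case-insensitive compare).
check_match() {
    host=$(uri_host "$1")
    cn=$(subject_cn "$2")
    if [ -z "$host" ] || [ -z "$cn" ]; then
        echo "UNKNOWN uri_host=$host subject_cn=$cn"
        return 0
    fi
    h=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    c=$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')
    if [ "$h" = "$c" ]; then verdict=MATCH; else verdict=MISMATCH; fi
    echo "$verdict uri_host=$host subject_cn=$cn"
}

# ldap.conf lines as quoted in the thread.
SAMPLE_CONF='tls_cacertdir /etc/ldap/cacerts
tls_cacertfile /etc/ldap/cacert/cacert.pem
#server IP
uri ldaps://30.0.0.2/'

# Constructed s_client subject lines (the real certificate is not shown in the thread).
SAMPLE_OLD='subject=/C=XX/ST=State/O=Example/OU=IT/CN=ldap.example.test/emailAddress=admin@example.test'
SAMPLE_NEW='subject=C = XX, ST = State, O = Example, OU = IT, CN = ldap.example.test, emailAddress = admin@example.test'

check_match "$SAMPLE_CONF" "$SAMPLE_OLD"
check_match "uri ldaps://ldap.example.test:636/" "$SAMPLE_NEW"
```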