[Date Prev][Date Next]
Re: (ITS#3158) ldapsearch does not match simple hostnames against fqdns in certificates
On Tue, Jan 04, 2005 at 11:55:58AM -0600, Chad Walstrom wrote:
> The private interface IP address does not resolve to the public host name, nor
> should it in our network setup. The FQDN requirement fails in this
Additionally, this throws off even the loopback interface 127.0.0.1. You have
to populate your /etc/hosts file with the public FQDN for each interface it's on
and do the same for every client on the private network (or implement a DNS
zone). Again, a heavy-handed work-around for something that should be a
configurable option by the client.
If a Certificate is signed by a CA that is found in the CA path directory, then
why force the whole FQDN requirement? It doesn't fit the model of SSL/TLS
Print a warning if you must, but don't disable client functionality by default.
Chad C. Walstrom <firstname.lastname@example.org> 247 Gortner Hall
Asst. Director of IT Help: 612-625-9284
CBS Computing Services, UMN Phone: 612-624-2918