Re: Problem with connecting to ldaps

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 06:45 AM 6/12/2001, Jean-Christian Hassler wrote:




>> On Thu, 7 Jun 2001, Kurt D. Zeilenga wrote:
>>
>> > At 01:53 AM 6/6/2001, Grzegorz Filip wrote:
>> > >
>> > >ldapsearch -H <ldaps:///>ldaps:/// -x -b"" objectclass=*
>> > >I get message "can't contact LDAP server"
>> > >What could caused that problem ?
>> >
>> > Certificate checks.  The name used by the client to locate
>> > the server needs to be the name in the certificate returned
>> > by the server.

I don't recommend creating certificates for "localhost".
I recommend using a fully-qualified domain name in the
certificate and client.


>>
>> Thank you!  I have been struggling with this all afternoon.  I am
>> testing on the same machine that's running slapd, but my cert was
>> created with the fully-qualified host name.  I created a "localhost"
>> cert and both SSL and TLS simple/anonymous binds are working now.
>
>I have exactly the same problem but I can't manage to create a valid
>"localhost" certificate, can you give me more detail on you certificate?
>Here are the information I gave my certificate :
>
>Country Name (2 letter code) [AU]:FR
>State or Province Name (full name) [Some-State]:.
>Locality Name (eg, city) []:Lyon
>Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hexaflux
>Organizational Unit Name (eg, section) []:SERD
>Common Name (eg, YOUR name) []:localhost
>Email Address []:qsdf@qsdf.fr