Re: SSL problems, certificate mismatch
--On Friday, 12 April 2002 01:43 -0700 Leila Lappin
> I came across this problem because when I do ldapsearch without -ZZ I get
> the data I'm expecting to see. But when I do the same search with -ZZ
> option I only get "ldap_start_tls: Success" and no data. I looked
> through diagnostics on the client side and saw an error with mismatched
> hostnames on certificates. It's clear that two different certificates
> are being used by the client and server but why and how can I fix it?
You need to use the hostname that is specified in the certificate (either
as CN attribute in the DN or as subjectAltName of type DNS) as the hostname
you connect to. If these two don't match, the connection is aborted because
this mismatch could result from a Man-in-the-Middle attack.
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH        phone: +49 7071 29 70336
Wilhelmstr. 106                 fax:   +49 7071 29 5114
72074 Tübingen                  email: firstname.lastname@example.org
Germany                         web:   http://www.daasi.de
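The hostname rule in the reply above, worked through as an added example (not code from this thread or from OpenLDAP): it takes a server certificate in the dict layout Python's `ssl.getpeercert()` returns and reports whether the host named in an `ldap://` URI is one the certificate vouches for, and if not, which names would have been accepted. It assumes the modern RFC 6125 rule that DNS subjectAltName entries, when present, take precedence over the subject CN; the names and certificate below are constructed.

```python
# Added example, not from the thread: decide whether the host named in an
# ldap:// URI is one the server certificate vouches for, using the dict
# layout that Python's ssl.getpeercert() returns.
from urllib.parse import urlsplit

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive DNS-name comparison. A wildcard is honoured only as
    the whole left-most label and only with two or more fixed labels after
    it, so "*.example.org" matches "ldap.example.org" but "*.org" matches nothing."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and pattern.count(".") >= 2:
        return host.split(".", 1)[1:] == [pattern[2:]]
    return False

def cert_names(cert: dict) -> tuple[list[str], list[str]]:
    """Return (subjectAltName DNS entries, subject commonName values)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns

def check_hostname(cert: dict, hostname: str) -> tuple[bool, str]:
    """Return (accepted, reason). DNS SANs are authoritative when present and the
    CN is then ignored (RFC 6125 rule used by current clients); the CN is only a
    fallback for certificates that carry no DNS SAN at all."""
    sans, cns = cert_names(cert)
    names, source = (sans, "subjectAltName DNS") if sans else (cns, "subject CN")
    for name in names:
        if name_matches(name, hostname):
            return True, f"{hostname} matches {source} entry {name}"
    return False, (f"{hostname} matches none of the {source} entries {names}; "
                   "connect with one of those names or reissue the certificate")

def check_ldap_uri(uri: str, cert: dict) -> tuple[bool, str]:
    """Check the host part of the URI given to ldapsearch -H against the cert."""
    host = urlsplit(uri).hostname
    return check_hostname(cert, host) if host else (False, f"no host in {uri!r}")

# Constructed certificate in getpeercert() layout, issued to the CN only.
SERVER_CERT = {"subject": ((("countryName", "DE"),), (("commonName", "ldap.example.org"),)),
               "subjectAltName": ()}

if __name__ == "__main__":
    for uri in ("ldap://ldap.example.org/", "ldap://192.0.2.10/"):
        print(uri, "->", check_ldap_uri(uri, SERVER_CERT))
```

Connecting by IP address or by a short alias fails for exactly the reason the reply gives: the string compared is the one in the URI (or `-h`), not the server's real name, so the fix is to use the certified name or reissue the certificate with the name actually used.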