
Re: SSL problems, certificate mismatch

Leila Lappin wrote:
> Hello,
> I'm not passing hostname to ldapsearch because I have only the default
> hostnames (localhost.localadmin) set up.  I start the server passing -h
> "ldap:/// ldaps:///" which are supposed to use the default hostname.

This means that slapd will listen on ALL the available devices, e.g.
at least localhost and your.fully.qualified.name (W.X.Y.Z)
(provided you have at least one real network device)

If you don't know your fully qualified name you cannot have a valid
certificate for your server, because that's what you must insert as
"cn" when generating the certificate.
Then, to use the certificate, you need to invoke ldapsearch with
-h your.fully.qualified.name, otherwise chances are localhost is
used, and the certificate will not match.


Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 |
via La Masa 34, 20156 Milano, Italy   |
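
Added example, not part of the original message: a small Python check showing why a client that connects as "localhost" rejects a certificate whose cn is the server's fully qualified name. The certificate data and the name ldap.example.com are constructed placeholders, and the matching logic is a simplified RFC 6125 style comparison, not OpenLDAP's own code.

```python
# Added example: which hostnames passed with -h would match the server certificate.
# The certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def presented_names(cert):
    """Names a client compares against: dNSName SANs if any, else subject CN(s)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 6125: the CN is ignored once dNSName entries exist
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def label_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]  # wildcard covers exactly one label
    return p == h

def hostname_matches(cert, host):
    """True if the name the client connected with is covered by the certificate."""
    return any(label_match(name, host) for name in presented_names(cert))

def diagnose(cert, candidates):
    """Map each hostname a client might pass with -h to match / no match."""
    return {host: hostname_matches(cert, host) for host in candidates}

# Constructed sample: a certificate generated with cn = the server's FQDN.
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Org"),),
        (("commonName", "ldap.example.com"),),
    ),
}

if __name__ == "__main__":
    hosts = ["localhost", "ldap", "ldap.example.com"]
    for host, ok in diagnose(SAMPLE_CERT, hosts).items():
        print(f"-h {host:<18} {'match' if ok else 'MISMATCH'}")
```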