
Re: SSL problems, certificate mismatch



Leila Lappin wrote:
> 
> Hello,
> 
> I'm not passing hostname to ldapsearch because I have only the default
> hostnames (localhost.localadmin) set up.  I start the server passing -h
> "ldap:/// ldaps:///" which are supposed to use the default hostname.

This means that slapd will listen on ALL the available devices, e.g.
at least localhost (127.0.0.1) and your.fully.qualified.name (W.X.Y.Z)
(provided you have at least one real network device).

If you don't know your fully qualified name you cannot have a valid
certificate for your server, because that's what you must insert as
"cn" when generating the certificate.
Then, to use the certificate, you need to invoke ldapsearch with
-h your.fully.qualified.name, otherwise chances are localhost is
used, and the certificate will not match.

Pierangelo.

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati
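
Added example, not part of the original message and not OpenLDAP's own code: a general model of the name check a TLS client applies to the server certificate, showing why connecting as localhost fails against a certificate whose cn is the fully qualified name. The host name ldap.example.com and the certificate dicts are constructed placeholders; the SAN-before-cn precedence and wildcard handling go beyond the cn-only case discussed above.

```python
# Added illustration: hostname verification against a server certificate.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().


def cert_names(cert):
    """Return the DNS names a certificate is valid for.

    dNSName subjectAltName entries take precedence; the subject "cn"
    (commonName) is used only when no dNSName entry is present.
    """
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def _label_match(pattern, host):
    """Case-insensitive compare; '*' may replace the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        # Wildcard covers exactly one label; compare the remaining labels.
        p, h = p[1:], h[1:]
    return p == h


def hostname_matches(cert, host):
    """True if the name the client connected to appears in the certificate."""
    return any(_label_match(name, host) for name in cert_names(cert))


# Constructed sample: certificate generated with cn = the server's FQDN.
SERVER_CERT = {"subject": ((("commonName", "ldap.example.com"),),)}

if __name__ == "__main__":
    # "localhost" is what the client ends up using when -h is omitted.
    for host in ("localhost", "ldap.example.com", "LDAP.Example.COM"):
        verdict = "match" if hostname_matches(SERVER_CERT, host) else "MISMATCH"
        print(f"{host:20} -> {verdict}")
```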