
Re: TLS and more CN's



On Mon, Aug 12, 2002 at 12:22:32PM +0200, Waldemar Brodkorb wrote:
> 
> is it possible to get the OpenLDAP server to
> communicate with clients over TLS with more than
> one FQDN? I tried two X.509 Certs in one file, but
> slapd ignores the second one.

You want to have the server respond to several different names?

In common with other services using TLS, this means that you will have
to obtain or generate a server certificate that lists all the
different names. You put the extra names in subjectAltName, e.g.:

CN=bighost.example.com
subjectAltName=dnsName:mailstore.example.com,dnsName:ldap.example.com,dnsName:sendmail.example.com

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |
-----------------------------------------------------------------------
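
The approach described in the reply above, as an added example that is not part of the original message: generate a test certificate carrying several names in subjectAltName and check which hostnames it is accepted for. It assumes the OpenSSL 1.1.1 or later command-line tool, whose syntax writes dNSName entries as DNS:. The function names, file names and self-signed certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example. The names are the ones from the message above; the
# certificate is self-signed and only suitable for testing.

# The CN is repeated as a DNS entry: OpenSSL's hostname check (like clients
# following RFC 2818 / RFC 6125) ignores the CN once any dNSName is present.
ALL_NAMES="DNS:bighost.example.com,DNS:mailstore.example.com,DNS:ldap.example.com,DNS:sendmail.example.com"

# make_cert PREFIX SAN_LIST
# Writes PREFIX.key and PREFIX.crt with CN=bighost.example.com and the
# given subjectAltName list.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=bighost.example.com" \
        -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# cert_matches CERT HOSTNAME
# Succeeds only if OpenSSL's hostname check accepts HOSTNAME for CERT.
# "does NOT match" lines do not contain the string "does match".
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Stand-alone demonstration: one certificate, several server names.
tmp=$(mktemp -d)
make_cert "$tmp/server" "$ALL_NAMES"
for name in bighost.example.com ldap.example.com other.example.com; do
    if cert_matches "$tmp/server.crt" "$name"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
rm -rf "$tmp"
```

For a production server the same subjectAltName list goes into the certificate request sent to the CA; the server still presents a single certificate.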