
Multiple names for server -> problems using TLS.

Hello all!

I've tried to set up certificates to accept two different names for my
ldap-server. I followed the recipe in the FAQ:
http://www.openldap.org/faq/data/cache/185.html , but I get
"ldap_start_tls: Connect error (91)" when trying the second name.

In openssl.cnf:
subjectAltName=DNS:ldap.domain.no,DNS:ldap2.domain.no

ldap2 is a CNAME for ldap.

Certificates made by (for ldap.domain.no):
CA.pl -newca 
CA.pl -newreq
CA.pl -signreq
openssl rsa -in newreq.pem -out ldapkey.pem
mv newcert.pem ldapcert.pem

slapd.conf:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /ldap/etc/ldap-cert/ldapcert.pem
TLSCertificateKeyFile /ldap/etc/ldap-cert/ldapkey.pem
TLSCACertificateFile /ldap/etc/ldap-cert/demoCA/cacert.pem

What am I missing?

Regards,
-- 
Mathias Meisfjordskar

GNU/Linux addict.
Debian - What your mom would use if it were twenty times easier.
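As an added example (not part of Mathias's post or of OpenLDAP), the following Python reproduces the client-side name check a TLS library applies to a server certificate: it parses the openssl.cnf `subjectAltName` syntax quoted above and applies the RFC 2818 / RFC 6125 matching rules, including wildcard labels, which go beyond the two plain names in the post. The names and the "SAN missing from the issued certificate" case are constructed to mirror the thread; a CNAME in DNS plays no part, because the client compares the name it was asked to connect to, not what that alias resolves to.

```python
"""Predict which host names a certificate's subjectAltName will satisfy."""
import re

# A wildcard may only be the entire leftmost label and matches exactly one
# label that is itself a valid DNS label (RFC 6125 section 6.4.3).
_LABEL = re.compile(r"^[a-z0-9-]+$")


def parse_subject_alt_name(cnf_value):
    """Parse an openssl.cnf value such as 'DNS:a.example,DNS:b.example'
    and return the dNSName entries, lower-cased (other types are skipped)."""
    names = []
    for item in cnf_value.split(","):
        kind, _, value = item.strip().partition(":")
        if kind.strip().upper() == "DNS" and value.strip():
            names.append(value.strip().lower())
    return names


def name_matches(pattern, hostname):
    """True if one certificate name (possibly '*.example') covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) < 3:
        return False  # refuse '*.no'-style wildcards over a whole TLD
    if "*" in p[1:] or any("*" in lbl and lbl != "*" for lbl in p):
        return False  # wildcards only as the entire leftmost label
    return all(b if a == "*" and _LABEL.match(b) else a == b for a, b in zip(p, h))


def hostname_accepted(hostname, san_dns_names, common_name=None):
    """Apply the RFC 6125 rule: once any dNSName SAN is present, the subject
    CN is not consulted; the CN is only a fallback for SAN-less certificates."""
    if san_dns_names:
        return any(name_matches(n, hostname) for n in san_dns_names)
    return common_name is not None and name_matches(common_name, hostname)


if __name__ == "__main__":
    # Constructed values mirroring the thread's names.
    san = parse_subject_alt_name("DNS:ldap.domain.no,DNS:ldap2.domain.no")
    for host in ("ldap.domain.no", "ldap2.domain.no", "ldap3.domain.no"):
        print(host, hostname_accepted(host, san, common_name="ldap.domain.no"))
    # The failure mode to check for: a cert whose SAN extension was never
    # copied from the request into the issued certificate, so only the CN remains.
    print("ldap2 with CN only:", hostname_accepted("ldap2.domain.no", [], "ldap.domain.no"))
```

Run `openssl x509 -in ldapcert.pem -noout -text` and compare its "Subject Alternative Name" line against `parse_subject_alt_name` output: if the issued certificate shows no such line, the second name can only ever be checked against the CN and will fail.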