[Date Prev][Date Next]
Re: Reverse Lookup Server SSL Certivicate CN
Today at 12:46am, firstname.lastname@example.org wrote:
> CN, "server.example.com". Can openLDAP be configured to compare the
> certificate's CN to a reverse lookup of the server's IP?
You don't say what version of OpenLDAP you are using. I know that 2.0
fails to search the subjAltName directives. However 2.1 does search
there for the correct name. If you are not wanting to generate a
certificate that uses subjAltName (doing so will require that you
generate your own certificates -- at least I haven't found a commercial
certificate authority that would honor that for me) -- then you will
need to modify the source code.
It sounds like a nice idea, but is it counter to the "authoritative"
methods for verifying an SSL certificate?
Frank Swasey | http://www.uvm.edu/~fcs
Systems Programmer | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
=== God Bless Us All ===