[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SSL certificates, kerberos keytabs, and load balancing

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dieter Kluenter

> To solve the host mismatch problem in certificates you may addionally
> use the attribute subjectAltName, i.e. 
> commonName=ldap1.example.com
> subjectAltName=commonName: ldap.example.com

The actual syntax in OpenSSL is

Note this is an X.509v3 certificate extension, not an LDAP attribute.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support