[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SSL certificates, kerberos keytabs, and load balancing

To: "'Dieter Kluenter'" <dieter@dkluenter.de>, <openldap-software@OpenLDAP.org>
Subject: RE: SSL certificates, kerberos keytabs, and load balancing
From: "Howard Chu" <hyc@highlandsun.com>
Date: Tue, 13 Apr 2004 07:12:48 -0700
Importance: Normal
In-reply-to: <m3fzb8e6jb.fsf@marin.l4b.de>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dieter Kluenter

> To solve the host mismatch problem in certificates you may addionally
> use the attribute subjectAltName, i.e. 
> commonName=ldap1.example.com
> subjectAltName=commonName: ldap.example.com

The actual syntax in OpenSSL is
	subjectAltName=dnsName:ldap.example.com

Note this is an X.509v3 certificate extension, not an LDAP attribute.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- subjectAltName in certificates (was: SSL certificates, kerberos keytabs, and load balancing)
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: SSL certificates, kerberos keytabs, and load balancing
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: RE: Paged results flakey - and hdb vs bdb
Next by Date: RE: Paged results flakey - and hdb vs bdb
Index(es):
- Chronological
- Thread