[Date Prev][Date Next] [Chronological] [Thread] [Top]

Some TLS questions

Hi, I'm currently setting up a new OpenLDAP 2.1.29 server on FC2 and I
had some questions about TLS. I've set it up using a self signed CA and
it works when I do a simple bind (with the -ZZ option) using the FQDN,
if I use the IP address I get this error message:

ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate

Is there a way I can create the certificate so I can connect to the
server using different hostnames so I could use CNAMEs to make
openldap.mydomain.com point to hostname.mydomain.com?

Also this is not really specific to OpenLDAP and more of a generic
SSL/TLS question but if you have different services running on one
server do you use the same certificate/private key for both services or
do you create a new one? If you create a new one, can you use the same
CN for both certificate?

I'm sorry for being off-topic here but if someone could point me to some
info or a better mailing list for this I would really appreciate.


Jean-Rene Cormier <jean-rene.cormier@cipanb.ca>