
Re: Some TLS questions





--On Wednesday, July 21, 2004 12:26 PM -0300 Andreas <andreas@conectiva.com.br> wrote:

On Wed, Jul 21, 2004 at 08:03:52AM -0300, Jean-Rene Cormier wrote:
Is there a way I can create the certificate so I can connect to the
server using different hostnames so I could use CNAMEs to make
openldap.mydomain.com point to hostname.mydomain.com?

Yes, use subjectAltName. Works perfectly, I just tried it yesterday. You will need something like this in the usr_cert section in your openssl.cnf file if you are generating your own certificates:

subjectAltName = DNS:server.company.com,IP:1.2.3.4

Just an example, of course. I guess wildcards are also allowed, but
I haven't tried those.

Wildcards work with openldap, we have a wildcard cert that's working quite well. ;)


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
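
Added example (not part of the original thread, and not OpenLDAP's own matching code): a small checker that takes a subjectAltName value in the openssl.cnf syntax quoted above and reports whether a name a client connects to would be covered. It assumes the usual left-most-label wildcard rule from RFC 6125; the helper names and the sample SAN strings are constructed for illustration.

```python
import ipaddress

def parse_san(value):
    """Split an openssl.cnf style subjectAltName value into DNS names and IPs."""
    dns, ips = [], []
    for entry in value.split(","):
        kind, _, name = entry.strip().partition(":")
        if kind == "DNS":
            dns.append(name.lower().rstrip("."))
        elif kind == "IP":
            ips.append(ipaddress.ip_address(name))
        else:
            raise ValueError(f"unsupported SAN entry: {entry!r}")
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or '*' standing in for exactly one left-most label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans several labels or zero labels
    if p_labels[0] == "*":
        # Conservative choice in this example: refuse patterns like "*.com".
        return len(p_labels) >= 3 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def san_covers(san_value, target):
    """True if the name or address the client checks is listed in the SAN."""
    dns, ips = parse_san(san_value)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower().rstrip(".")
        return any(dns_matches(p, host) for p in dns)
    # An IP literal is compared only against IP entries, never DNS entries.
    return addr in ips

# Constructed sample values based on the names used in the thread.
MULTI = "DNS:hostname.mydomain.com,DNS:openldap.mydomain.com,IP:1.2.3.4"
WILD = "DNS:*.mydomain.com"

if __name__ == "__main__":
    for san in (MULTI, WILD):
        for name in ("openldap.mydomain.com", "a.b.mydomain.com", "1.2.3.4"):
            print(f"{san!r:70} {name:24} {san_covers(san, name)}")
```

Listing both the real hostname and the CNAME alias as DNS entries covers either name; the wildcard form covers any single label under mydomain.com but not the bare domain or deeper subdomains.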