Re: Multi-homed machine and TLS

On Wednesday, 15 September 2004 10:38, Imobach González Sosa wrote:
> Hi all,
> We've got a multi-homed (and aliased machine) and we're using TLS to secure
> communications. The problem is about the certificate: the commonName must
> be the host's FQDN, but this machine could be referred using different
> names, so TLS only works with one of the host's names. I've read something
> about subjectAltName when generating the ssl certificates... is that the
> right direction to the solution?

Ok, we've generated an SSL certificate with

If we type

$ openssl s_client -CAfile /usr/share/ssl/certs/cacert.pem \
-connect name2.domain.com:636 -tls1 -showcerts

it seems to work pretty fine (subjectAltName attribute is listed). However, 
when we try using ldapsearch, we've got a TLS error. It seems that it's only 
checking the commonName (if we specify the commonName instead of one of the 
aliases, it works).

Any idea? Thank you in advance.

Imobach González Sosa
Servicio de Informática y Comunicaciones de la ULPGC
e-mail: igonzalez@becarios.ulpgc.es
Phone: +34 928 459519
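
Added example, not part of the original message or of any LDAP client's code: the two hostname-checking behaviours the post contrasts, written against the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns. The certificate contents, `name1.domain.com` and the function names are constructed for illustration; the SAN-first rule follows RFC 2818 section 3.1.

```python
# Added illustration: hostname checking against a server certificate,
# using the dict layout returned by ssl.SSLSocket.getpeercert().

# Constructed sample: the CN holds one name, subjectAltName lists both.
CERT = {
    "subject": ((("commonName", "name1.domain.com"),),),
    "subjectAltName": (("DNS", "name1.domain.com"),
                       ("DNS", "name2.domain.com")),
}


def _label_match(pattern, host):
    """Case-insensitive DNS match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def dns_alt_names(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def match_cn_only(cert, host):
    """A client that ignores subjectAltName and compares the commonName only."""
    return any(_label_match(cn, host) for cn in common_names(cert))


def match_san_first(cert, host):
    """RFC 2818 section 3.1: if dNSName entries exist they alone decide;
    the commonName is consulted only when there are none."""
    sans = dns_alt_names(cert)
    if sans:
        return any(_label_match(s, host) for s in sans)
    return match_cn_only(cert, host)


if __name__ == "__main__":
    for host in ("name1.domain.com", "name2.domain.com", "other.domain.com"):
        print(host, match_cn_only(CERT, host), match_san_first(CERT, host))
```

With the sample certificate, the CN-only check accepts only `name1.domain.com`, while the SAN-first check accepts both listed names and still rejects anything else.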