
Re: problem with syncrepl and STARTTLS



r0m5 wrote:
> So I set up a PKI and now it looks OK regarding syncrepl. So I guess my problem might
> be related to ITS#8427, which I didn't see before posting here.
> 
> I still have issues though, with applications randomly failing STARTTLS to my consumers

Many problems like this are caused by not getting the PKI to issue correct public-key
certs. In particular, you should put all DNS names an LDAP client might use to connect to your
LDAP server in the subjectAltName extension.

E.g. ITS#8427 says:
"Provide the servers with TLS certificates that are correct but do not include
an address used in syncrepl provider setting."
What the heck does that mean?!?

Ciao, Michael.

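
An added example, not part of the message above: a Python check that lists which names clients use, including the host in a consumer's syncrepl provider URL, are not covered by a certificate's subjectAltName. The SAN text, the syncrepl line and all host names are constructed samples, and the wildcard rule (one left-most label) is a simplified assumption, not OpenLDAP's own matching code.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: text as printed by `openssl x509 -noout -ext subjectAltName`.
SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:ldap1.example.com, DNS:*.dir.example.com, IP Address:192.0.2.10
"""

# Constructed sample: a consumer's syncrepl directive (hypothetical hosts).
SYNCREPL = ('syncrepl rid=001 provider=ldap://ldap-master.example.com:389 '
            'starttls=critical tls_reqcert=demand type=refreshAndPersist')

def parse_san(text):
    """Return (dns_names, ip_addresses) from openssl's SAN text output."""
    dns = [m.lower() for m in re.findall(r"DNS:([^,\s]+)", text)]
    ips = [ipaddress.ip_address(m)
           for m in re.findall(r"IP Address:([^,\s]+)", text)]
    return dns, ips

def provider_host(syncrepl):
    """Extract the host part of provider=<ldapurl> from a syncrepl value."""
    m = re.search(r'provider="?([^\s"]+)', syncrepl)
    if not m:
        raise ValueError("no provider= in syncrepl value")
    return urlsplit(m.group(1)).hostname

def san_matches(host, dns, ips):
    """True if host is covered by a dNSName or iPAddress SAN entry."""
    try:
        return ipaddress.ip_address(host) in ips
    except ValueError:
        pass  # not an IP literal, compare as a DNS name
    host = host.lower().rstrip(".")
    for pattern in dns:
        if pattern == host:
            return True
        # Assumption: a wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def uncovered(names, san_text):
    """Names clients connect with that the certificate does not cover."""
    dns, ips = parse_san(san_text)
    return [n for n in names if not san_matches(n, dns, ips)]
```

Feed `uncovered()` every name and address that appears in client configurations and syncrepl provider settings; anything it returns needs to be added to the certificate request before reissuing.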