
Hostname does not match common name problem



Hi there!

I have a problem with an LDAP server that I need to connect to. I have the required certificate stored on the client but I am getting the following error message:

"TLS: hostname (A.xyz123.com) does not match common name in certificate (*.xyz123.com)"

Is there any way to work around this problem? As far as I understand it, RFC4514 section 3.1.3 allows wildcards, thus the connection should work, shouldn't it?

What is confusing me is that 

"openssl s_client -connect A.xyz123.com:636 -CAfile /etc/ssl/certs/rootca.cer" 

results in:

Verify return code: 0 (ok)

If I am not mistaken, openssl accepts the server based on the certificate but openldap does not.

Any help is much appreciated. I am really stuck with this. Thanks.

Regards,
Sascha
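The two results in the post come from two separate checks: `Verify return code: 0 (ok)` reports that the certificate chain validated, while the hostname comparison is a distinct step that `openssl s_client` does not perform unless asked to. The sketch below is an added example, not OpenLDAP or OpenSSL code, of that second step using the left-most-label wildcard rule from the LDAP server identity check (RFC 4513 section 3.1.3.1); the function names are hypothetical and the cases are constructed from the names in the error message.

```python
# Added example: not OpenLDAP or OpenSSL code. Function names are hypothetical.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def wildcard_match(hostname, pattern):
    """Compare a hostname to one name taken from a certificate.

    '*' is honoured only as the complete left-most label and stands for
    exactly one label, so '*.xyz123.com' covers 'a.xyz123.com' but not
    'xyz123.com' or 'a.b.xyz123.com'.
    """
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*" and len(pat) > 1:
        return host[1:] == pat[1:]
    return host == pat

def identity_check(hostname, san_dns_names, common_name):
    """Return (matched, name_that_matched_or_None).

    Convention followed here: when the certificate carries dNSName
    subjectAltName entries, only those are consulted; the subject CN is a
    fallback for certificates without them.
    """
    candidates = san_dns_names if san_dns_names else [common_name]
    for name in candidates:
        if name and wildcard_match(hostname, name):
            return True, name
    return False, None

# Constructed sample cases: (hostname, SAN dNSNames, subject CN)
CASES = [
    ("A.xyz123.com", [], "*.xyz123.com"),            # wildcard CN, mixed case
    ("xyz123.com", [], "*.xyz123.com"),              # bare domain
    ("a.b.xyz123.com", [], "*.xyz123.com"),          # two labels under '*'
    ("A.xyz123.com", ["ldap.xyz123.com"], "*.xyz123.com"),  # SAN present
]

if __name__ == "__main__":
    for host, sans, cn in CASES:
        print(host, sans, cn, "->", identity_check(host, sans, cn))
```

Comparing the client's configured hostname against every name printed by `openssl x509 -noout -text` for the server certificate shows which of these cases applies.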