[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL / Certificates / ... Some confusion

To: openldap-technical@openldap.org
Subject: Re: SSL / Certificates / ... Some confusion
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Mon, 12 Apr 2010 15:29:12 +0200
In-reply-to: <4BC306B1.7080701@filmakademie.de> (Götz Reinicke's message of "Mon, 12 Apr 2010 13:40:33 +0200")
References: <4BC2EEBC.7060500@filmakademie.de> <8739z0q5d4.fsf@magenta.l4b.de> <4BC306B1.7080701@filmakademie.de>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

Götz Reinicke - IT-Koordinator <goetz.reinicke@filmakademie.de> writes:

> Dieter Kluenter schrieb:
>> Götz Reinicke - IT-Koordinator <goetz.reinicke@filmakademie.de> writes:
>>
>>> Hi,
>> [...]
>>> I noticed and googeled some provider debug info and wanted to ask for
>>> some prove or clarification or work around:
>>>
>>>> >From the provider log:
>>> TLS certificate verification: Error, unsupported certificate purpose
>>> ...
>>> TLS trace: SSL3 alert write:warning:bad certificate
>>> connection_read(13): unable to get TLS client DN, error=49 id=1
>>
>> What is the commonName attribute value of the client certificate?
>
> CN=ldap2.filmakademie.de

That's what I thought, but this is not a valid distinguished name,
because it is not the client host name that has to be authenticated
but an entries DN.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- SSL / Certificates / ... Some confusion
  - From: Götz Reinicke - IT-Koordinator <goetz.reinicke@filmakademie.de>
- Re: SSL / Certificates / ... Some confusion
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: SSL / Certificates / ... Some confusion
  - From: Götz Reinicke - IT-Koordinator <goetz.reinicke@filmakademie.de>

Prev by Date: Re: TLS issues
Next by Date: Re: SSL / Certificates / ... Some confusion
Index(es):
- Chronological
- Thread