[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP based and FQDN based certificate on same LDAP node

To: "Prashanth P.Nair" <prashanthppp@gmail.com>
Subject: Re: IP based and FQDN based certificate on same LDAP node
From: Frank Crow <fjcrow2008@gmail.com>
Date: Mon, 18 Apr 2016 10:11:58 -0400
Cc: "openldap-techn." <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=CcxUCX/FcMDma6X7hy9f6owJNs0MVldN7e6SXycutPY=; b=I3ulpzYCyBaB/oKWCXbFMJIL2uy9wXlr+ZVVq+Oh1B2s4gOOQ8ytivPLXqj8LzcJVG y7vOeyLFp64bOz3YhPImVobtg2jj6x8fiGA8EjUJZangXJRP5xY0W0r+DqDplf4T0iES tqUoliuKzpZgayGt7Zc8AcUqdo6G29ejQ5poOYBtkGWBCNmG+YHo6EMnj749WKa3Bzyu VYBdXiyK+wHd70eYaxI0qmK7sCULUG5lnG/YJ/kw5WGYrZYnGDk6EUgweYDqQ78zGqpy rI9PvMkyPH+iWyNvac2j6tgjothJq8j8pHs2IYEN0d9UtaUXDHY3lStCyIipiriyLYT3 riSg==
In-reply-to: <CAH4Bzz+5ELWjaZpytf8EwS=SmKjrP2ESv7KxTNJ-=vCAZZsKLQ@mail.gmail.com>
References: <CAH4Bzz+5ELWjaZpytf8EwS=SmKjrP2ESv7KxTNJ-=vCAZZsKLQ@mail.gmail.com>

I use subjectAltName on the cert to include the IP address and alternate DNS names. You need to add the "subjectAltName=" name to the openssl.cnf file in the v3_ca and v3_req sections. Works for us anyway.

-Frank

On Fri, Apr 15, 2016 at 9:28 AM, Prashanth P.Nair <prashanthppp@gmail.com> wrote:

Hi

Currently my LDAP server is having self signed FQDN based SSL certificate .I would like to have IP based SSL certificate for the same node.IS that feasible ?

Below certificate issued to FQDN i.e CN=FQN.

TLSCACertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/ssl/ldap.pem
TLSCertificateFile /etc/ssl/ldap.pem

Br/Prashanth.

Frank

References:
- IP based and FQDN based certificate on same LDAP node
  - From: "Prashanth P.Nair" <prashanthppp@gmail.com>

Prev by Date: Re: ldap_sync(3) function usage
Next by Date: Re: LMDB: Assertion 'mc->mc_flags & C_INITIALIZED' with MDB_NEXT after mdb_cursor_del
Index(es):
- Chronological
- Thread