
Re: (ITS#9021) TLS: can't connect: TLS: hostname does not match CN in peer certificate



--On Friday, May 10, 2019 9:32 PM +0000 darshan mistry 
<darshankmistry@yahoo.com> wrote:

> How can we ignore the server name in the subject of the certificate so I
> can use the LDAP server IP address instead of the host name?

If you want to allow connecting over the IP address with TLS, then add it 
as a subjectAltName value in the certificate, for example:

subjectAltName=IP:1.2.3.4

> Also want to know if there is any open CVE which says it is a
> vulnerability to use the LDAP server IP address instead of the name in
> the LDAP configuration.

I'm not aware of any such CVE or why there would be one.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
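
Added example, not part of the original message: one way to build a throwaway self-signed test certificate that carries the IP as a subjectAltName, and to confirm the IP is covered before pointing a client at it. It assumes the OpenSSL 1.1.1 or later command-line tool (for -addext); ldap.example.com is a constructed name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL >= 1.1.1 on PATH.
# Constructed values: ldap.example.com; 1.2.3.4 is the IP used in the reply.

make_test_cert() {
    # $1 = output directory, $2 = DNS name, $3 = IP address
    # Self-signed, 1-day lifetime, unencrypted key: for testing only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2,IP:$3" 2>/dev/null
}

cert_covers_ip() {
    # $1 = certificate file, $2 = IP address a client would connect to
    # openssl prints "IP <addr> does match certificate" or
    # "IP <addr> does NOT match certificate"; succeed only on the former.
    openssl x509 -in "$1" -noout -checkip "$2" |
        grep -q 'does match certificate'
}

# Demonstration run in a scratch directory.
tmp=$(mktemp -d)
make_test_cert "$tmp" ldap.example.com 1.2.3.4

# Show the extension as it was written into the certificate.
openssl x509 -in "$tmp/cert.pem" -noout -ext subjectAltName

if cert_covers_ip "$tmp/cert.pem" 1.2.3.4; then
    echo "1.2.3.4 is covered by the certificate"
fi
if ! cert_covers_ip "$tmp/cert.pem" 1.2.3.5; then
    echo "1.2.3.5 is not covered: a client connecting to it would fail verification"
fi
rm -rf "$tmp"
```

For a CA-issued certificate, the same subjectAltName value goes into the signing request or the CA's extension configuration rather than into a self-signed certificate.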