Multiple names for server -> problems using TLS.
Hello all!
I've tried to set up certificates to accept two different names for my
ldap-server. I followed the recipe in the FAQ:
http://www.openldap.org/faq/data/cache/185.html , but I get
"ldap_start_tls: Connect error (91)" when trying the second name.
In openssl.cnf:
subjectAltName=DNS:ldap.domain.no,DNS:ldap2.domain.no
ldap2 is a CNAME for ldap.
Certificates made by (for ldap.domain.no):
CA.pl -newca
CA.pl -newreq
CA.pl -signreq
openssl rsa -in newreq.pem -out ldapkey.pem
mv newcert.pem ldapcert.pem
slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /ldap/etc/ldap-cert/ldapcert.pem
TLSCertificateKeyFile /ldap/etc/ldap-cert/ldapkey.pem
TLSCACertificateFile /ldap/etc/ldap-cert/demoCA/cacert.pem
What am I missing?
Regards,
--
Mathias Meisfjordskar
GNU/Linux addict.
Debian - What your mom would use if it were twenty times easier.
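
A TLS client compares the name it connected with against the dNSName entries in the server certificate's subjectAltName, so one check for a setup like the one in this post is to confirm that the signed certificate actually carries both names. The following is an added example, not part of the original post; the function names are hypothetical, and `make_sample_cert` only builds a throwaway self-signed certificate (assumes OpenSSL 1.1.1 or later for `-addext`) so the check can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post): verify which DNS names a
# certificate covers before pointing slapd's TLSCertificateFile at it.

# Print the dNSName entries of a certificate's subjectAltName, one per line.
# Prints nothing if the extension is absent.
cert_san_dns() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if hostname $2 is covered by a SAN entry of certificate $1:
# either an exact (case-insensitive) match or a wildcard entry for the
# parent domain that replaces exactly the left-most label.
cert_covers() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    parent="*.${want#*.}"
    cert_san_dns "$1" | tr 'A-Z' 'a-z' | grep -qxF -e "$want" -e "$parent"
}

# Constructed sample input: a throwaway self-signed certificate written to $1
# with the subjectAltName value given in $2. The private key is discarded.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.domain.no" \
        -addext "subjectAltName=$2" \
        -keyout /dev/null -out "$1" 2>/dev/null
}

# Report coverage of certificate $1 for every hostname given after it.
report_coverage() {
    cert=$1; shift
    for name in "$@"; do
        if cert_covers "$cert" "$name"; then
            echo "covered:     $name"
        else
            echo "NOT covered: $name"
        fi
    done
}
```

Against the files named in the post, the call would be `report_coverage /ldap/etc/ldap-cert/ldapcert.pem ldap.domain.no ldap2.domain.no`.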