[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reverse Lookup Server SSL Certivicate CN



Today at 12:46am, ms419@freezone.co.uk wrote:

> CN, "server.example.com". Can openLDAP be configured to compare the 
> certificate's CN to a reverse lookup of the server's IP?

You don't say what version of OpenLDAP you are using.  I know that 2.0 
fails to search the subjAltName directives.  However 2.1 does search 
there for the correct name.  If you are not wanting to generate a 
certificate that uses subjAltName (doing so will require that you 
generate your own certificates -- at least I haven't found a commercial 
certificate authority that would honor that for me) -- then you will 
need to modify the source code.

It sounds like a nice idea, but is it counter to the "authoritative" 
methods for verifying an SSL certificate?

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===