Re: Client - Server Authentication Using Certificates
On Monday, May 10, 2004, at 09:43 AM, Laurence wrote:
> Please note that I have substituted my actual hostname for
> host.invalid.
>
> The first problem is with my certificate. Due to the computing policy
> we have here, the CN in the subject of the certificate is
> CN=host/host.invalid and hence when I try to do the ldapsearch I
> obtain the following error message.
>
> TLS: hostname (host.invalid) does not match common name in certificate
> (host/host.invalid).
>
> The first question would be, is it possible to "tune" this with the
> ldap configuration or does it make an assumption that the name on the
> certificate has to be the same as the hostname?

Some clients, including OpenLDAP, will look first at the `Subject
Alternative Name' field in the certificate. If your site generates its
own certificates and doesn't have any policy on that field, it could be
an option.

Donn Cave, donn@u.washington.edu
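
The SAN-first check described in the reply above, as an added example that is not part of the original post and is not OpenLDAP's code: a matcher over dicts shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The function names, the constructed sample certificates, and the rule of ignoring the CN whenever a dNSName entry is present are assumptions of this sketch; clients differ on that fallback.

```python
# Added example: SAN-first hostname verification.
# Certificates are dicts shaped like ssl.SSLSocket.getpeercert() output.
# All sample certificates below are constructed for illustration.

def _name_matches(pattern, host):
    """Compare one certificate name with the host, label by label.
    A wildcard counts only as the whole left-most label of a name
    that has at least three labels (so '*.invalid' never matches)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def check_hostname(cert, host):
    """Return (matched, field_used) for the given certificate dict."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # Assumption of this sketch: once dNSName entries exist,
        # the subject CN is not consulted at all.
        return any(_name_matches(n, host) for n in dns_names), "subjectAltName"
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    if cns:
        # No SAN: fall back to the last (most specific) CN.
        return _name_matches(cns[-1], host), "commonName"
    return False, "none"


# Constructed: the certificate from the question, CN dictated by site policy.
CN_ONLY = {"subject": ((("commonName", "host/host.invalid"),),)}

# Constructed: same subject, plus a dNSName entry carrying the real hostname.
CN_PLUS_SAN = {
    "subject": ((("commonName", "host/host.invalid"),),),
    "subjectAltName": (("DNS", "host.invalid"),),
}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("CN + SAN", CN_PLUS_SAN)):
        print(label, check_hostname(cert, "host.invalid"))
```

With the policy-mandated CN left untouched, only the certificate that also carries a dNSName entry for `host.invalid` passes the check.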