[Date Prev][Date Next] [Chronological] [Thread] [Top]

Some TLS questions

To: openldap-software@OpenLDAP.org
Subject: Some TLS questions
From: Jean-Rene Cormier <jean-rene.cormier@cipanb.ca>
Date: Wed, 21 Jul 2004 08:03:52 -0300

Hi, I'm currently setting up a new OpenLDAP 2.1.29 server on FC2 and I
had some questions about TLS. I've set it up using a self signed CA and
it works when I do a simple bind (with the -ZZ option) using the FQDN,
if I use the IP address I get this error message:

ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate

Is there a way I can create the certificate so I can connect to the
server using different hostnames so I could use CNAMEs to make
openldap.mydomain.com point to hostname.mydomain.com?

Also this is not really specific to OpenLDAP and more of a generic
SSL/TLS question but if you have different services running on one
server do you use the same certificate/private key for both services or
do you create a new one? If you create a new one, can you use the same
CN for both certificate?

I'm sorry for being off-topic here but if someone could point me to some
info or a better mailing list for this I would really appreciate.

TIA

-- 
Jean-Rene Cormier <jean-rene.cormier@cipanb.ca>

Follow-Ups:
- Re: Some TLS questions
  - From: Dave Lewney <d.m.lewney@sussex.ac.uk>
- Re: Some TLS questions
  - From: Andreas <andreas@conectiva.com.br>
- Re: Some TLS questions
  - From: Donn Cave <donn@u.washington.edu>
- Re: Some TLS questions
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: WG: slapadd with BDB
Next by Date: Re: change password not possible for all users
Index(es):
- Chronological
- Thread