Re: Multi-homed machine and TLS
On Wednesday, 15 September 2004 10:38, Imobach González Sosa wrote:
> Hi all,
>
> We've got a multi-homed (and aliased machine) and we're using TLS to secure
> communications. The problem is about the certificate: the commonName must
> be the host's FQDN, but this machine could be referred using different
> names, so TLS only works with one of the host's names. I've read something
> about subjectAltName when generating the ssl certificates... is that the
> right direction to the solution?
Ok, we've generated an SSL certificate with
subjectAltName=DNS:name1.sub.domain.com,DNS:name2.domain.com
If we type
$ openssl s_client -CAfile /usr/share/ssl/certs/cacert.pem \
-connect name2.domain.com:636 -tls1 -showcerts
it seems to work pretty fine (subjectAltName attribute is listed). However,
when we try using ldapsearch, we've got a TLS error. It seems that it's only
checking the commonName (if we specify the commonName instead of one of the
aliases, it works).
Any idea? Thank you in advance.
--
Imobach González Sosa
Servicio de Informática y Comunicaciones de la ULPGC
e-mail: igonzalez@becarios.ulpgc.es
Phone: +34 928 459519
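
The two host name checks contrasted in the message above, as an added example that is not part of the original post and is not code from ldapsearch or OpenSSL: one check looks only at commonName, the other follows the RFC 2818 rule of using subjectAltName DNS entries when present. The certificate is constructed; its subjectAltName values are the ones quoted in the message, and the commonName `ldap.domain.com` is an assumption.

```python
# Added example: compare a CN-only host name check with the RFC 2818 rule.
# The certificate dict uses the layout returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def dns_alt_names(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def cn_only_check(cert, host):
    """Legacy behaviour: compare against commonName, ignore subjectAltName."""
    return any(_name_match(cn, host) for cn in common_names(cert))

def rfc2818_check(cert, host):
    """If any DNS alt name exists it is the only identity; CN is just a fallback."""
    sans = dns_alt_names(cert)
    names = sans if sans else common_names(cert)
    return any(_name_match(n, host) for n in names)

def report(cert, hosts):
    """Return {host: (cn_only_result, rfc2818_result)} for each name checked."""
    return {h: (cn_only_check(cert, h), rfc2818_check(cert, h)) for h in hosts}

# Constructed certificate: SAN entries from the message, commonName assumed.
CERT = {
    "subject": ((("commonName", "ldap.domain.com"),),),
    "subjectAltName": (("DNS", "name1.sub.domain.com"), ("DNS", "name2.domain.com")),
}
HOSTS = ["ldap.domain.com", "name1.sub.domain.com", "name2.domain.com"]

if __name__ == "__main__":
    for host, (cn_ok, san_ok) in report(CERT, HOSTS).items():
        print(f"{host:22} cn-only={cn_ok!s:5} rfc2818={san_ok}")
```

Under the RFC 2818 rule the commonName stops counting once any DNS entry is present, so a certificate meant to serve every name should list all of them, the commonName's host name included, in subjectAltName.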