[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: load balancer with SSL

To: openldap-software@openldap.org
Subject: Re: load balancer with SSL
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 18 Oct 2006 20:08:22 +0200
In-reply-to: <233eb300610180942h1341837bjb2d3386389ffd229@mail.gmail.com> (Jeremiah Martell's message of "Wed, 18 Oct 2006 12:42:12 -0400")
References: <233eb300604240755n531cf8e2vbca23c8e476a2938@mail.gmail.com> <1145892082.5875.8.camel@zephyr.internal.amnh.org> <233eb300604261246h4778ba91tc6ea9fa53a4d7bb4@mail.gmail.com> <1146083365.6026.9.camel@zephyr.internal.amnh.org> <233eb300604270446m4c1a2c12hb1fefbafe41e3cdb@mail.gmail.com> <233eb300606090658i1f5fa8bfx940f6f3d185aadbf@mail.gmail.com> <1149866630.28931.7.camel@localhost> <4489BFBC.2020009@symas.com> <233eb300610180942h1341837bjb2d3386389ffd229@mail.gmail.com>
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chestnut, linux)

"Jeremiah Martell" <inlovewithgod@gmail.com> writes:

>> >
>> > Jeremiah,
[...]
> TLS: hostname (loadbalancer.example.com) does not match common name in
> certificate (server1.example.com).

The host certificate is issued for CN:server1.example.com, but the
host you are connecting to is loadbalancer.example.com.
You have to create a subject alternative name in the hosts
certificate. That is, you have to configure a subjectAltName in
openssl.cnf, something like
...
[ usr_cert ]
...
subjectAltName=DNS:localhost, DNS:loadbalancer.example.com

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08"
E 10°08'02.82"
GPG Key ID:8EF7B6C6

References:
- Re: load balancer with SSL
  - From: "Jeremiah Martell" <inlovewithgod@gmail.com>

Prev by Date: Re: ldapadd error
Next by Date: RE: changing the base dn
Index(es):
- Chronological
- Thread