Re: LDAP and TLS
On 06/14/13 14:42 -0400, Rodney Simioni wrote:
> Hi,
>
> In order for LDAP to work with TLS, do the certificate names need
> to match the server name?
>
> My admin gave me a certificate but it's called wildcard.com.cert, the
> name of my server is not 'wildcard'.

Analyze the contents of the cert and verify the CN is really '*.example.com':

    openssl x509 -in wildcard.com.cert -text -noout

If so, then your LDAP clients probably will accept it as a valid
certificate (this typically works for web browsers), but your mileage may
vary.
We have worked with a wild card certificate provider before. In addition to
offering a *.example.com cert, they may also offer a certain number of
tertiary certificates (e.g. ldap.example.com) priced in with
the wild card cert.
--
Dan White
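
As an added illustration (not part of the original thread), this shell sketch shows which server names a wildcard name such as '*.example.com' covers. `show_cert_names` and `name_matches` are hypothetical helper names, and the matching is a simplified form of the RFC 6125 rule, not any particular LDAP client's implementation.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the identity fields a TLS client compares with the server name:
# the subject (CN) and any subjectAltName entries.
# Assumes OpenSSL 1.1.1 or later for the -ext option.
show_cert_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Return 0 if host name $2 is covered by certificate name $1.
# Simplified rule: "*" is honoured only as the whole leftmost label
# and stands for exactly one label; everything else must match exactly.
name_matches() {
    pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $pattern in
        '*.'*)
            suffix=${pattern#\*}              # e.g. ".example.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;                # different domain, or the bare domain
            esac
            # The wildcard must cover one non-empty label with no dots in it.
            case $label in
                ''|*.*) return 1 ;;
                *) return 0 ;;
            esac
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# Constructed sample names:
#   name_matches '*.example.com' ldap.example.com      -> covered
#   name_matches '*.example.com' example.com           -> not covered
#   name_matches '*.example.com' ldap.corp.example.com -> not covered
```

The certificate's file name (wildcard.com.cert here) plays no part in the comparison; only the names inside the certificate do.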