[Date Prev][Date Next] [Chronological] [Thread] [Top]

Subject Alternative Name in TLS - does this work?

To: openldap-technical@openldap.org
Subject: Subject Alternative Name in TLS - does this work?
From: lejeczek <peljasz@yahoo.co.uk>
Date: Thu, 17 Oct 2013 16:49:44 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1382024984; bh=s6n9jGIH7gr/KXifFPID3h8stQyV5C3ie9m75Xvqd1Y=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=gWnqx5Yh3shTstr036MkvSMxay52V11Qxrobgab+Ry/FaRqSCWuOiEdXNQiS1o3KWdStKkIXyixB1pY3ODK9InsU5trkLXiJuPJqdGuTkes/NTr6SN3CITyXENAzf1VMj4oQg00yF5moTILrMF+02jrLacg3LF4Jis4g9np4zvY=
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8

dear all

I'm trying to set a seeminglysimple setup

having a box with openldap I want it to use TLS on bothinternal and external hostnames/IPs


openldap was set up earlier and was/is working
I generate TLS certificate with SAN
everything seems working fine
but

when I ldapsearch on external fqdn/IP (which in thecertificate is the subjectAltName) search failswhereas it succeeds on internal fqdn(which is the hostname/CN in the certificate)

error is: additional info: TLS error -8157:Certificateextension not found.

is such a scenario even possible? having very same DN beingserved on more than one name via TLS?


best wishes

Follow-Ups:
- RE: Subject Alternative Name in TLS - does this work?
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Erwann Abalea <eabalea@gmail.com>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>

Prev by Date: Re: Does MDB backend shrinks on disk files after delete operation?
Next by Date: RE: Subject Alternative Name in TLS - does this work?
Index(es):
- Chronological
- Thread