[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subject Alternative Name in TLS - does this work?



W dniu 2013-10-18 14:23, Howard Chu napisaÅ(a):
Aleksander DzierÅanowski wrote:
On Fri, Oct 18, 2013 at 11:25:59AM +0100, lejeczek wrote:

[...]
my case is, well should be a lot more simpler, one box with

slapd.local.domain
slap.public.external

and this one host I would like to be able to search through on/via
both hostnames/IPs with TLS
so I issue myself and sign a certificate, CA issuer is
CA.local.domain

Subject: .......... CN=slapd.local.domain/email.........
and
X509v3 Subject Alternative Name:
                 DNS:slap.public.external, IP Address:ex.te.rn.al


Please add "slapd.local.domain" also to SAN and problem will be fixed.

Nonsense. Unnecessary.


Well, I found exactly this was problem when using Solaris / OpenSolaris / OpenIndiana LDAP client. Don't know what systems are used here - for linux it won't help.
--
Olo