[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL based ldap server



Am Sun, 4 Oct 2015 19:18:19 +0500
schrieb Aneela Saleem <aneela@platalytics.com>:

> I have followed this link
> <http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl>.
> I update openssl.cnf file manually and added the ip address of other
> client machine. Then i generated ssl certificate. Now accessing
> ldaps:// platalytics.com:636 from other client machine (i also have
> added platalytics.com in /etc/hosts file) but unable to access it
> from external ip address. What i'm missing now?

Domain Name Service? Firewall? Routing Tables?

-Dieter

> 
> On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem <aneela@platalytics.com>
> wrote:
> 
> > Hi Michael,
> >
> > Thanks for explaining. I just so far performed server side
> > validation using the link
> > <http://www.openldap.org/faq/data/cache/185.html>
> >
> > Can you please guide me how can we perform client side
> > verification? Means how to set subjectAltName extension?
> >
> > On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder
> > <michael@stroeder.com> wrote:
> >
> >> Aneela Saleem wrote:
> >> > What if i want to access LDAP from external source? how would it
> >> recognize
> >> > platalytics.com?
> >>
> >> Hope fully the client perfoms the TLS hostname check as defined in
> >> RFC 6125.
> >>
> >> All hostnames and IP addresses used by clients have to be listed
> >> in the subjectAltName extension.
> >>
> >> Ciao, Michael.
> >>
> >>
> >



-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E