ldap_start_tls: Connect error (-11)

List overview All Threads
Download

newer

older

OL2.4 provider && OL2.2 consumer?

libldap_r thread-safety problems

JOYDEEP

19 Mar 2007 19 Mar '07

10:41 p.m.

Dear list,

I have self signed certificate. Now the command * ldpasearch -x -ZZ -d 255* shows

TLS: hostname (127.0.0.1) does not match common name in certificate (linux.kolkatainfoservices.in). ldap_perror ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate

I have checked with the *hostname* command in linux and it shows the hostname as linux.kolkatainfoservices.in

I am really confused here. could any one suggest any solution please ?

Show replies by date

louis gonzales

19 Mar 19 Mar

11:37 p.m.

You have to generate the certificate with "linux.kolkatainfoservices.in" and not "127.0.0.1"

JOYDEEP wrote:

...

Dear list,

I have self signed certificate. Now the command * ldpasearch -x -ZZ -d 255* shows

TLS: hostname (127.0.0.1) does not match common name in certificate (linux.kolkatainfoservices.in). ldap_perror ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate

I have checked with the *hostname* command in linux and it shows the hostname as linux.kolkatainfoservices.in

I am really confused here. could any one suggest any solution please ?

-- Email: louis.gonzales@linuxlouis.net WebSite: http://www.linuxlouis.net "Open the pod bay doors HAL!" -2001: A Space Odyssey "Good morning starshine, the Earth says hello." -Willy Wonka

JOYDEEP

20 Mar 20 Mar

12:06 a.m.

louis gonzales wrote:

...

You have to generate the certificate with "linux.kolkatainfoservices.in" and not "127.0.0.1"

Thanks but I have found the problem. In ldap.conf file the host setting was HOST 127.0.0.1 and I have changed it to HOST linux.kolkatainfoservices.in

and now -ZZ is working fine.

thanks

...

JOYDEEP wrote:

...
Dear list,

I have self signed certificate. Now the command * ldpasearch -x -ZZ -d 255* shows

TLS: hostname (127.0.0.1) does not match common name in certificate (linux.kolkatainfoservices.in). ldap_perror ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate

I have checked with the *hostname* command in linux and it shows the hostname as linux.kolkatainfoservices.in

I am really confused here. could any one suggest any solution please ?

Tony Earnshaw

12:25 a.m.

JOYDEEP wrote, on 20. mar 2007 06:41:

...

I have self signed certificate. Now the command * ldpasearch -x -ZZ -d 255* shows

TLS: hostname (127.0.0.1) does not match common name in certificate (linux.kolkatainfoservices.in). ldap_perror ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate

I have checked with the *hostname* command in linux and it shows the hostname as linux.kolkatainfoservices.in

I am really confused here. could any one suggest any solution please ?

It's probable that you're running slapd on 127.0.0.1 (localhost), whereas it should be running on the IP address of linux.kolkatainfoservices.in exclusively. Moreover you should have linux.kolkatainfoservices.in with its IP number in /etc/hosts, so that there's no mistaking its address.

We've (almost all of us) all been through this when we were starting out with certs :)

--Tonni

-- Tony Earnshaw Email: tonni at hetnet dot nl

6487

Age (days ago)

6487

Last active (days ago)

openldap-software@openldap.org

3 comments

3 participants

tags (0)

participants (3)

JOYDEEP
louis gonzales
Tony Earnshaw