Do we need to have CA certificate/server key  on other client machine as well? If yes, then how can we achieve that?

On Sun, Oct 4, 2015 at 9:00 PM, Dieter Klünter <dieter@dkluenter.de> wrote:
Am Sun, 4 Oct 2015 19:18:19 +0500
schrieb Aneela Saleem <aneela@platalytics.com>:

> I have followed this link
> <http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl>.
> I update openssl.cnf file manually and added the ip address of other
> client machine. Then i generated ssl certificate. Now accessing
> ldaps:// platalytics.com:636 from other client machine (i also have
> added platalytics.com in /etc/hosts file) but unable to access it
> from external ip address. What i'm missing now?

Domain Name Service? Firewall? Routing Tables?

-Dieter

>
> On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem <aneela@platalytics.com>
> wrote:
>
> > Hi Michael,
> >
> > Thanks for explaining. I just so far performed server side
> > validation using the link
> > <http://www.openldap.org/faq/data/cache/185.html>
> >
> > Can you please guide me how can we perform client side
> > verification? Means how to set subjectAltName extension?
> >
> > On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder
> > <michael@stroeder.com> wrote:
> >
> >> Aneela Saleem wrote:
> >> > What if i want to access LDAP from external source? how would it
> >> recognize
> >> > platalytics.com?
> >>
> >> Hope fully the client perfoms the TLS hostname check as defined in
> >> RFC 6125.
> >>
> >> All hostnames and IP addresses used by clients have to be listed
> >> in the subjectAltName extension.
> >>
> >> Ciao, Michael.
> >>
> >>
> >



--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E