On Mon, Apr 18, 2016 at 12:25 PM, Howard Chu <hyc@symas.com> wrote:
Prashanth P.Nair wrote:

Hi All

Currently my LDAP server is having a self-signed FQDN-based SSL certificate. I
would like to have an IP-based SSL certificate for the same node. Is that feasible?

Yes. http://www.openldap.org/faq/data/cache/185.html


The certificate below is issued to the FQDN, i.e. CN=FQN.

TLSCACertificateFile    /etc/ssl/ldap.pem
TLSCertificateKeyFile   /etc/ssl/ldap.pem
TLSCertificateFile      /etc/ssl/ldap.pem


Please advise on the same.

Br/Prashanth.P



Thank you Howard.
I have gone through the document; it says configuring by modifying/creating the certificate with subjectAltName.

Is it possible to have two separate SSL certificates for the same node (IP and FQDN), like below?


TLSCACertificateFile    /etc/ssl/ldap.pem
TLSCertificateKeyFile   /etc/ssl/ldap.pem
TLSCertificateFile      /etc/ssl/ldap.pem

TLSCACertificateFile    /etc/ssl/ldap2.pem
TLSCertificateKeyFile   /etc/ssl/ldap2.pem
TLSCertificateFile      /etc/ssl/ldap2.pem

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
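
The subjectAltName approach referred to in the thread, as an added example that is not part of the original messages: a single self-signed certificate that lists both the FQDN and the IP address, plus a check that each name a client might connect to is covered. The host name, IP address, and output file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: one certificate, two identities (DNS name and IP) in subjectAltName.
LDAP_FQDN="ldap.example.com"   # assumption: placeholder host name
LDAP_IP="192.0.2.10"           # assumption: placeholder address (documentation range)

make_san_cert() {
    # $1 = output directory, $2 = FQDN, $3 = IP address
    dir=$1; fqdn=$2; ip=$3
    # Minimal OpenSSL config: CN keeps the FQDN, SAN carries FQDN and IP.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = $fqdn
[v3]
subjectAltName = DNS:$fqdn, IP:$ip
EOF
    # Self-signed certificate with an unencrypted key, as slapd reads it at startup.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.crt" 2>/dev/null
}

san_of() {
    # Print the subjectAltName value line of the certificate in $1.
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        sed 's/^ *//; s/ *$//'
}

cert_covers() {
    # $1 = certificate, $2 = name or IP a client connects to.
    # Returns 0 only if $2 appears as a DNS or IP entry in the SAN.
    san=$(san_of "$1")
    case ", $san," in
        *", DNS:$2,"*|*", IP Address:$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

workdir=$(mktemp -d)
make_san_cert "$workdir" "$LDAP_FQDN" "$LDAP_IP"
echo "SAN: $(san_of "$workdir/ldap.crt")"
```

The resulting `ldap.crt` and `ldap.key` are what a single set of `TLSCertificateFile` and `TLSCertificateKeyFile` directives would point at.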