On 06/14/13 14:42 -0400, Rodney Simioni wrote:
> Hi,
> In order for LDAP to work with TLS, do the certificate names need to match the server name?
> My admin gave me a certificate but it's called wildcard.com.cert; the name of my server is not 'wildcard'.
Analyze the contents of the cert and verify the CN is really '*.example.com':
openssl x509 -in wildcard.com.cert -text -noout
If so, then your LDAP clients probably will accept it as a valid certificate (this typically works for web browsers), but your mileage may vary.
We have worked with a wildcard certificate provider before. In addition to offering a *.example.com cert, they may also offer a certain number of tertiary certificates (e.g. ldap.example.com) priced in with the wildcard cert.
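As an added example (not from either message in this thread), the following Python parses the output of the openssl command above and applies the usual one-label wildcard rule to decide whether the cert covers a given LDAP server name; the certificate text and the host names are constructed, and clients prefer the Subject Alternative Name over the CN when one is present.

```python
import re

# Constructed sample of what `openssl x509 -in wildcard.com.cert -text -noout`
# prints for a wildcard certificate (trimmed to the lines that matter here).
SAMPLE_OPENSSL_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: CN = Example CA
        Subject: C = US, O = Example Inc, CN = *.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.example.com, DNS:example.com
"""

def extract_names(openssl_text):
    """Return (common_name, [san_dns_names]) from `openssl x509 -text` output."""
    cn = None
    m = re.search(r"^\s*Subject:.*?CN\s*=\s*([^,/\n]+)", openssl_text, re.M)
    if m:
        cn = m.group(1).strip()
    sans = []
    m = re.search(r"Subject Alternative Name:[^\n]*\n\s*(.+)", openssl_text)
    if m:
        sans = [e.strip().split(":", 1)[1] for e in m.group(1).split(",")
                if e.strip().startswith("DNS:")]
    return cn, sans

def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' stands in for exactly one leftmost label,
    so *.example.com covers ldap.example.com but not ldap.sub.example.com."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject bare '*.com'-style patterns and any label-count mismatch.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def cert_valid_for(openssl_text, hostname):
    """Check SAN entries first; fall back to the CN only when there is no SAN."""
    cn, sans = extract_names(openssl_text)
    candidates = sans if sans else ([cn] if cn else [])
    return any(name_matches(n, hostname) for n in candidates)
```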