Am Sun, 4 Oct 2015 19:18:19 +0500 schrieb Aneela Saleem aneela@platalytics.com:
I have followed this link http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl. I update openssl.cnf file manually and added the ip address of other client machine. Then i generated ssl certificate. Now accessing ldaps:// platalytics.com:636 from other client machine (i also have added platalytics.com in /etc/hosts file) but unable to access it from external ip address. What i'm missing now?
Domain Name Service? Firewall? Routing Tables?
-Dieter
On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem aneela@platalytics.com wrote:
Hi Michael,
Thanks for explaining. I just so far performed server side validation using the link http://www.openldap.org/faq/data/cache/185.html
Can you please guide me how can we perform client side verification? Means how to set subjectAltName extension?
On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder michael@stroeder.com wrote:
Aneela Saleem wrote:
What if i want to access LDAP from external source? how would it
recognize
platalytics.com?
Hope fully the client perfoms the TLS hostname check as defined in RFC 6125.
All hostnames and IP addresses used by clients have to be listed in the subjectAltName extension.
Ciao, Michael.