On Tuesday 08 July 2008 19:05:05 Sambuddho Chakravarty wrote:
tls_cacertdir /etc/ldap/cacerts tls_cacertfile /etc/ldap/cacert/cacert.pem #server IP uri ldaps://30.0.0.2/
What is the subject CN on the certificate the server has?
Subject CN is the servers's CN./ST/C/emailAddress/O/OU
I was meaning, you should provide the actual value. If it is not 30.0.0.2, your certificate validation should work.
But, if you don't want help, don't post details that people need to help you.
So, what do you get if you try something like this:
$ openssl s_client -CAfile /etc/ldap/cacerts/cacert.pem -connect 30.0.0.2:636
Does the CN attribute in the server certificate you get back match the hostname in the URI?
No. I check this .
No it doesn't match? It does match? Why don't you provide the actual output? Or, don't you want help?