Hey there,
I've got a simple enough question: is it possible to use a certificate for TLS (through the TLSCertificateFile directive) on which the FQDN of the LDAP server is not on the CN but instead on the alternative name? I tried this, but I'm getting a "TLS init def ctx failed: -64" and I thought it might be because of this issue. I also couldn't find a list of the error numbers and their descriptions, making it harder for me to understand what's wrong...
Cheers,
On Mon, 31 May 2010 15:08:15 +0100, Daniel Gomes dgomes@ipfn.ist.utl.pt wrote:
> Hey there,
> I've got a simple enough question: is it possible to use a certificate for TLS (through the TLSCertificateFile directive) on which the FQDN of the LDAP server is not on the CN but instead on the alternative name? I tried this, but I'm getting a "TLS init def ctx failed: -64" and I thought it might be because of this issue. I also couldn't find a list of the error numbers and their descriptions, making it harder for me to understand what's wrong...
add subjectAltname=DNS:alternate.host.my.domain to the server certificate
-Dieter
2010/5/31 Daniel Gomes dgomes@ipfn.ist.utl.pt:
> Hey there,
> I've got a simple enough question: is it possible to use a certificate for TLS (through the TLSCertificateFile directive) on which the FQDN of the LDAP server is not on the CN but instead on the alternative name? I tried this, but I'm getting a "TLS init def ctx failed: -64" and I thought it might be because of this issue. I also couldn't find a list of the error numbers and their descriptions, making it harder for me to understand what's wrong...
> Cheers,
--
You can. Did that a few weeks ago.
Turned out to be a permissions error, quickly followed by the (apparently common) GnuTLS issues. Since having TLS on that server is not demanding (it's just a slave), I don't feel like trying to find a solution. I guess I'll just later compile it by hand with OpenSSL (which is what I did on the master server).
Thanks for the help anyway!
On 31-05-2010 17:54, Frank Van Damme wrote:
> 2010/5/31 Daniel Gomes dgomes@ipfn.ist.utl.pt:
>> Hey there,
>> I've got a simple enough question: is it possible to use a certificate for TLS (through the TLSCertificateFile directive) on which the FQDN of the LDAP server is not on the CN but instead on the alternative name? I tried this, but I'm getting a "TLS init def ctx failed: -64" and I thought it might be because of this issue. I also couldn't find a list of the error numbers and their descriptions, making it harder for me to understand what's wrong...
>> Cheers,
> --
> You can. Did that a few weeks ago.
openldap-technical@openldap.org
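
A preflight check for the permissions cause reported in the follow-up above, as an added example that is not part of the thread: it names the first path component the slapd account cannot search or read, using plain POSIX mode bits. The account name and file paths are arguments you supply (assumptions, not values from the thread); ACLs and mandatory access control policies are not considered, and it should be run as root so every component can be stat'ed.

```python
import os
import sys

def mode_allows(st_mode, st_uid, st_gid, uid, gids, want):
    """POSIX class selection: owner bits, else group bits, else other bits.
    `want` is 4 (read a file) or 1 (search a directory)."""
    if uid == 0:
        return True  # root bypasses mode bits for read and directory search
    if uid == st_uid:
        bits = (st_mode >> 6) & 7
    elif st_gid in gids:
        bits = (st_mode >> 3) & 7
    else:
        bits = st_mode & 7
    return (bits & want) == want

def first_blocker(path, uid, gids):
    """Return the first component of `path` that `uid` cannot search (directories)
    or read (the file itself), or None if the whole path is usable."""
    path = os.path.realpath(path)  # resolve symlinks so real modes are checked
    chain, cur = [], path
    while True:
        chain.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    for comp in reversed(chain):  # walk from / down to the file
        st = os.stat(comp)
        want = 4 if comp == path else 1
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, want):
            return comp
    return None

if __name__ == "__main__":
    import pwd
    if len(sys.argv) < 3:
        sys.exit("usage: preflight.py <slapd-account> <cert-or-key-file>...")
    pw = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for f in sys.argv[2:]:
        blocker = first_blocker(f, pw.pw_uid, gids)
        print(f, "readable" if blocker is None else f"blocked at {blocker}")
```

Pass it the files named by TLSCertificateFile and the other TLS file directives in slapd.conf, together with the account slapd runs as.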