Am Tue, 6 Oct 2015 00:00:43 +0500
schrieb Aneela Saleem <aneela(a)platalytics.com>:
Do we need to have CA certificate/server key on other client
machine
as well? If yes, then how can we achieve that?
Yes, you have to install a CA certificate on all hosts that want to
access a ldap server, and the client application on remote hosts need
to know the place ot this CA, usually that is configured in
ldap.conf(5), but it depends on the clients ability.
-Dieter
On Sun, Oct 4, 2015 at 9:00 PM, Dieter Klünter <dieter(a)dkluenter.de>
wrote:
> Am Sun, 4 Oct 2015 19:18:19 +0500
> schrieb Aneela Saleem <aneela(a)platalytics.com>:
>
> > I have followed this link
> > <
>
http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-sig...
> >.
> > I update openssl.cnf file manually and added the ip address of
> > other client machine. Then i generated ssl certificate. Now
> > accessing ldaps:// platalytics.com:636 from other client machine
> > (i also have added
platalytics.com in /etc/hosts file) but unable
> > to access it from external ip address. What i'm missing now?
>
> Domain Name Service? Firewall? Routing Tables?
>
> -Dieter
>
> >
> > On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem
> > <aneela(a)platalytics.com> wrote:
> >
> > > Hi Michael,
> > >
> > > Thanks for explaining. I just so far performed server side
> > > validation using the link
> > > <
http://www.openldap.org/faq/data/cache/185.html>
> > >
> > > Can you please guide me how can we perform client side
> > > verification? Means how to set subjectAltName extension?
> > >
> > > On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder
> > > <michael(a)stroeder.com> wrote:
> > >
> > >> Aneela Saleem wrote:
> > >> > What if i want to access LDAP from external source? how
> > >> > would it
> > >> recognize
> > >> > platalytics.com?
> > >>
> > >> Hope fully the client perfoms the TLS hostname check as
> > >> defined in RFC 6125.
> > >>
> > >> All hostnames and IP addresses used by clients have to be
> > >> listed in the subjectAltName extension.
> > >>
> > >> Ciao, Michael.
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E