Hostname does not match CN....

> TLS: hostname(ldap.domain.example.com) does not match common name in
> certificate (nodo1.domain.example.com)
>
> ...now...how can I solve it??
>

For the setup you described, you'd probably want to use a single 
certificate, signed with a CN of 'ldap.domain.example.com'.

This will make it possible for your server cert CNs and hostnames to 
match consistently, regardless of which machine (nodo1 or nodo2) the 
clients end up talking to.

Alessandro Binarelli wrote:
>
>
> 2006/4/3, George Holbert <gholbert at broadcom.com>:
>
>     >
>     > [root@test]# ldapsearch -x -ZZ '(uid=testuser)'
>     > ldap_start_tls: Connect error (-11)
>     >         additional info: TLS:hostname does not match CN in peer certificate
>     >
>     >
>     > How can I solve ?
>
>     The server hostname you pass to ldapsearch must exactly match the
>     CN in the certificate you signed for the server.
>
>     So, if you signed the certificate with a fully-qualified domain name
>     (e.g. ldaphost.example.com), use "-h ldaphost.example.com"
>     instead of "-h ldaphost".
>
>  
>  
>
> Sigh...I found the problem...so:
>
> I set up Fedora DS in a cluster scenario with two nodes..nodo1 and
> nodo2...with their real IP addresses and I made a multimaster
> replication; taking advantage of the LDAP protocol I set up a floating IP
> address and a DNS entry that points to ldap.domain.example.com
> with that IP...therefore if I make a query to ldap.domain.example.com,
> depending on whether the floating IP is up on nodo1 or nodo2, the DS server
> answers the query taking advantage of multimaster replication...this scenario
> works very well in clear mode....but I saw that if I set up SSL
> encryption and try to verify it, the answer is:
>
> [root@test]# ldapsearch -h ldap.domain.example.com -x -ZZ '(ObjectClass=*:)' -d 1
>
> -CUT-
>
> TLS: hostname(ldap.domain.example.com) does not match common name in
> certificate (nodo1.domain.example.com)
>
> ...now...how can I solve it??
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
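
The name check behind this error, modelled for the two-node setup in the thread. This is an added example, not part of the original messages or of Fedora DS. The helper names and the subjectAltName variant are assumptions that go beyond the CN-only case discussed above, following the general rule that dNSName SAN entries, when present, are used instead of the CN.

```python
# Added example: certificates are constructed dicts in the shape that
# ssl.SSLSocket.getpeercert() returns; nothing here touches the network.
SERVICE = "ldap.domain.example.com"          # name on the floating IP
NODES = ["nodo1.domain.example.com", "nodo2.domain.example.com"]

def make_cert(cn, sans=()):
    """Build a constructed getpeercert()-style dict (helper for this example)."""
    cert = {"subject": ((("commonName", cn),),)}
    if sans:
        cert["subjectAltName"] = tuple(("DNS", s) for s in sans)
    return cert

def name_matches(pattern, host):
    """Case-insensitive compare; '*' only as the entire leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]
    return p == h

def cert_valid_for(cert, host):
    """dNSName SAN entries win when present; CN is only the fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    return any(name_matches(n, host) for n in (sans or cns))

def failover_report(certs_by_node, host=SERVICE):
    """Result of the client check for each node that may hold the floating IP."""
    return {node: cert_valid_for(c, host) for node, c in certs_by_node.items()}

# Setup from the thread: each node presents a cert issued for its own name.
PER_NODE = {n: make_cert(n) for n in NODES}
# Suggested fix: one cert with CN = service name installed on both nodes.
SHARED = {n: make_cert(SERVICE) for n in NODES}
# Extension (assumption): SANs also cover the node names for direct connections.
SHARED_SAN = {n: make_cert(SERVICE, [SERVICE] + NODES) for n in NODES}

if __name__ == "__main__":
    for label, deployment in [("per-node", PER_NODE), ("shared CN", SHARED),
                              ("shared CN+SAN", SHARED_SAN)]:
        print(label, failover_report(deployment))
```

With a CN-only shared certificate, clients that connect to a node by its own name fail the check; a certificate that carries SAN entries must list the service name there as well, because the CN is then no longer consulted.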




