I actually set "nsslapd-ssl-check-hostname" to "off" in the cn=config object! -Reinhard -----Original Message----- From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Dennis De Marco Sent: Wednesday, June 20, 2007 1:05 PM To: General discussion list for the Fedora Directory server project. Subject: Re: Replication over SSL withsimpleauthentication I've had this issue using subjectAltName in my certificates to load balance behind a VIP. I turned off the checkbox 'verify hostname in SSL certificate on outgoing connections' I am not sure why this is happening, but I do not have any other certificate problems with ldapsearch, nor authentication. - Dennis On Fri, 2007-06-15 at 14:47 -0400, Reinhard Nappert wrote: > Hi, > > I SSL-enabled two Directory Servers and I can access them over LDAPS > using ldapsearch and other clients. I enabled both servers with the > steps from the setupssl script. However, when I to set replication up, > I get: > > [15/Jun/2007:13:32:56 -0400] conn=6057 op=-1 fd=69 closed - SSL peer > cannot verify your certificate. > > I did import the CA cert (self-signed) to the other server, both > ways, since I want to have multi-mastering. > > By the way, I checked the serial numbers of the certs and they are not > identical. > > Does anyone have an idea why the replication fails. > > Thanks, > -Reinhard > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. -- Fedora-directory-users mailing list Fedora-directory-users at redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users