> On 08/20/2014 03:58 PM, Elizabeth Jones wrote:
>> additional info -
>> I increased logging on my supplier and see this error now -
>>
>> TLS: hostname does not match CN in peer certificate
>>
>> When I created the replication agreement, it is giving me a default
>> consumer, I don't know why. The default is ldap1.mycompany.com:389.
>>
>> The certificate from ldap1 has just ldap1 as the name. I entered ldap1
>> and port 636 when I created the agreement, but after I do this it
>> becomes ldap1.mycompany.com:636. Would this be why it's failing, it
>> wants the certificate to have ldap1.mycompany.com in it rather than
>> ldap1?
> Correct, you need to use the fully qualified domain name for certificates.
>
> Regards,
> Mark

ok - what is confusing to me is that another server is able to replicate successfully to this server using this cert. I used the same script to generate the certs on all 4 servers, the setupssl2.sh script.
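One way to test offline which hostnames a certificate will be accepted for, using the two names from this thread. This is an added example, not code from the posters or the 389 project. It assumes the `openssl` CLI and a certificate in PEM form (here throwaway self-signed ones generated on the spot), and it uses OpenSSL's hostname check as a stand-in for the check the supplier performs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Hostnames are the ones in the thread; the certificates are
# throwaway self-signed ones generated here (constructed, not from setupssl2.sh).

# make_demo_cert CN OUT_PEM: write a self-signed certificate with subject CN=CN.
make_demo_cert() {
    _kdir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$_kdir/key.pem" -out "$2" >/dev/null 2>&1
    _rc=$?
    rm -rf "$_kdir"          # the private key is not needed for the name check
    return $_rc
}

# cert_subject CERT_PEM: print the subject line so the CN can be read off.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# cert_matches_host CERT_PEM HOST: succeed only if the certificate is valid for
# HOST. -checkhost compares HOST with the SAN dNSName entries and falls back to
# the subject CN when the certificate has none.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_agreement_host CERT_PEM HOST: report the verdict for the consumer
# hostname stored in a replication agreement.
check_agreement_host() {
    if cert_matches_host "$1" "$2"; then
        echo "OK       $2"
    else
        echo "MISMATCH $2 ($(cert_subject "$1"))"
        return 1
    fi
}

demo() {
    _tmp=$(mktemp -d) || return 1
    make_demo_cert ldap1 "$_tmp/short.pem"
    make_demo_cert ldap1.mycompany.com "$_tmp/fqdn.pem"
    check_agreement_host "$_tmp/short.pem" ldap1
    # Expected mismatch: the agreement holds the FQDN, the certificate the short name.
    check_agreement_host "$_tmp/short.pem" ldap1.mycompany.com || true
    check_agreement_host "$_tmp/fqdn.pem" ldap1.mycompany.com
    rm -rf "$_tmp"
}
demo
```

To check a real server certificate, export it to PEM and call `check_agreement_host` with the exact hostname shown in the replication agreement.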