Hi,

I am trying to do a ldapsearch with ssl enabled....and I get this error,

8><----------
[root@hack openldap]# ldapsearch -x -ZZ '(uid=jonesst1)'
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate

/etc/openldap/ldap.conf looks like this,

#=========
#ssl setup
# http://www.padl.com
base dc=vuw,dc=ac,dc=nz
pam_password md5
BASE dc=vuw,dc=ac,dc=nz
TLS_REQCERT allow
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls
uri ldap://ldap.vuw.ac.nz/
tls_cacertdir /etc/openldap/cacerts

So my understanding was I had the cn= wrong, "cn=vuw.ac.nz" but I have corrected this "cn=vuwunicvfdsm001.vuw.ac.nz" and I am still getting the error....

I used this command,

7. Generate the server certificate:

../shared/bin/certutil -S -n "Server-Cert" -s \
"cn=vuwunicvfdsm001.vuw.ac.nz" -c "CA certificate" -t "u,u,u" -m 1001 -v \
120 -d . -z noise.txt -f pwdfile.txt

So what did I do wrong?

regards

Steven Jones
Senior Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
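
Added example, not part of the original post and not OpenLDAP's own code: a simplified model of the check behind "hostname does not match CN in peer certificate", comparing the host named in the uri line of the posted ldap.conf with the CN from the posted certutil command. The matching rules (any dNSName subjectAltName or subject CN may match, one wildcard as the whole leftmost label) and the constructed certificate dict, shaped like the output of Python's ssl.SSLSocket.getpeercert(), are assumptions.

```python
from urllib.parse import urlsplit

# Constructed inputs: the relevant ldap.conf lines and the CN from the post.
LDAP_CONF = """\
#TLS_REQCERT never
host ldap.vuw.ac.nz
ssl start_tls
uri ldap://ldap.vuw.ac.nz/
"""
SERVER_CERT = {"subject": ((("commonName", "vuwunicvfdsm001.vuw.ac.nz"),),)}

def conf_hosts(text):
    """Hostnames from every 'uri' line: these are the names the client verifies."""
    hosts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "uri":
            hosts += [urlsplit(u).hostname for u in parts[1:]]
    return hosts

def cert_names(cert):
    """Return dNSName SANs followed by subject CNs from a getpeercert()-style dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans + cns

def name_matches(pattern, host):
    """Case-insensitive label comparison; '*' only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def check_host(cert, host):
    """Return (ok, names_tried) for the hostname the client connected to."""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names

def report(conf_text, cert):
    """Map each configured hostname to whether the certificate covers it."""
    return {h: check_host(cert, h)[0] for h in conf_hosts(conf_text)}

if __name__ == "__main__":
    for host, ok in report(LDAP_CONF, SERVER_CERT).items():
        verdict = "matches" if ok else "does NOT match"
        print(f"{host} {verdict} certificate names {cert_names(SERVER_CERT)}")
```
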