Rich Megginson wrote:
I'm not sure how NSS handles certificate verification with subjectAltName. I know that in order for the validation to work without subjectAltName, the leftmost RDN in the subjectDN must be cn=FQDN of the server e.g. cn=ldap1.example.com, ou=Fedora Directory Server, dc=example, dc=com
Yes, for server certs which are validated by the client.
I'm also not sure if that applies to cert based auth.
It doesn't.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
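The server-name check discussed in this thread, as an added Python sketch that is not part of the original messages and is not NSS or Fedora Directory Server code. The function names are hypothetical, the sample DNs are constructed, and the subjectAltName handling follows the RFC 2818 rule (dNSName entries, when present, replace the CN check), which is an assumption here and not a statement about what NSS does.

```python
# Added illustration, not NSS or Fedora Directory Server code.
# Assumptions: DNs are plain strings without escaped commas, and dNSName
# subjectAltName entries, when present, replace the CN check (RFC 2818 rule).

def split_rdns(subject_dn):
    """Split a DN string into (attribute, value) pairs, leftmost RDN first."""
    rdns = []
    for part in subject_dn.split(","):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def leftmost_cn(subject_dn):
    """Return the value of the leftmost RDN if it is a cn, else None."""
    rdns = split_rdns(subject_dn)
    if rdns and rdns[0][0] == "cn" and rdns[0][1]:
        return rdns[0][1]
    return None

def normalize(name):
    """Compare DNS names case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower()

def server_name_matches(host, subject_dn, san_dns=()):
    """Client-side check that a server certificate names the host dialled."""
    host = normalize(host)
    if san_dns:
        # SAN present: the CN is not consulted at all.
        return any(normalize(n) == host for n in san_dns)
    cn = leftmost_cn(subject_dn)
    return cn is not None and normalize(cn) == host

# Constructed sample subjects.
GOOD_DN = "cn=ldap1.example.com, ou=Fedora Directory Server, dc=example, dc=com"
BAD_DN = "ou=Fedora Directory Server, cn=ldap1.example.com, dc=example, dc=com"

if __name__ == "__main__":
    cases = [
        ("ldap1.example.com", GOOD_DN, ()),
        ("ldap1.example.com", BAD_DN, ()),          # cn is not the leftmost RDN
        ("ldap1.example.com", GOOD_DN, ("ldap.example.com",)),  # SAN overrides CN
    ]
    for host, dn, san in cases:
        print(host, "|", dn, "|", san, "->", server_name_matches(host, dn, san))
```

This covers only the client validating a server certificate; as the reply above says, the rule does not apply to certificate-based client authentication.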