From: MBuselli@cccis.com
Date: Fri Mar 04 2005 - 12:47:17 EST
The problem ended up being that the CA certificate did not have the CA flag
set, which one of my co-workers discovered. The SSL connections worked
fine once that was remedied with a correct CA certificate. We suspect that
without the CA flag set the SSL verification process mistook it for the
server certificate itself, resulting in the error indicating a mismatch in
the CN of the CA certificate and the FQDN of the server.
Thank you to those individuals that shared your thoughts on this with me.
-- Michael H. Buselli mbuselli@cccis.com ======= Hello, I cannot get nss_ldap or ldapclient (Solaris 10 client, native commands) to work right when the LDAP server uses TLS and a CA-signed server certificate (works fine if I use a self-signed server cert). Has anyone encountered this problem and/or know how to fix it? The error I get when using a CA-signed cert is: Mar 3 00:20:45 conjunct ldapsearch[22589]: [ID 605618 user.error] libldap: CERT_VerifyCertName: cert server name 'cccis certificate authority' does not match 'cccqadc-1.qawin.cccis.com': SSL connection denied Both certificates were added to the cert7.db files during testing. I used both Windows (W2K3 Active Directory) and Linux (OpenLDAP) for the servers during testing. Non-Solaris clients (such as OpenLDAP ldapsearch and the LDAP Browser-Editor by Jarek Gawor) work fine with either kind of certificate. Thank you! -- Michael H. Buselli mbuselli@cccis.com _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:17 EDT