SUMMARY: SSL/TLS Problem with CA-signed Certs
2007-12-25 4:37:00
set, which one of my co-workers discovered. The SSL connections worked
fine once that was remedied with a correct CA certificate. We suspect that
without the CA flag set the SSL verification process mistook it for the
server certificate itself, resulting in the error indicating a mismatch in
the CN of the CA certificate and the FQDN of the server.
Thank you to those individuals that shared your thoughts on this with me.
--
Michael H. Buselli
mbuselli at cccis.com
=======
Hello,
I cannot get nss_ldap or ldapclient (Solaris 10 client, native commands) to
work right when the LDAP server uses TLS and a CA-signed server certificate
(works fine if I use a self-signed server cert). Has anyone encountered
this problem and/or know how to fix it? The error I get when using a
CA-signed cert is:
Mar 3 00:20:45 conjunct ldapsearch[22589]: [ID 605618 user.error]
libldap: CERT_VerifyCertName: cert server name 'cccis certificate
authority' does not match 'cccqadc-1.qawin.cccis.com': SSL connection
denied
Both certificates were added to the cert7.db files during testing. I used
both Windows (W2K3 Active Directory) and Linux (OpenLDAP) for the servers
during testing. Non-Solaris clients (such as OpenLDAP ldapsearch and the
LDAP Browser-Editor by Jarek Gawor) work fine with either kind of
certificate.
Thank you!
--
Michael H. Buselli
mbuselli at cccis.com
Comments
Got something to say?
You must be logged in to post a comment.
