05-26-2012, 04:41 AM
Jeff Field

Using Wildcard SSL Certificate

Hello,
I'm attempting to use a Wildcard SSL certificate for my domain with 389ds. The certificate and the CA (godaddy) intermediate cert import fine into both the admin server and the directory server, but attempts to use an LDAPS:// URI with ldapmodify result in this error:



ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

curl gets this:

curl -vvv -3 https://myserver.ldap.mydomain.com:636
* About to connect() to myserver.ldap.mydomain.com port 636 (#0)
*   Trying x.x.x.x... connected
* Connected to myserver.ldap.mydomain.com (x.x.x.x) port 636 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* SSL: certificate subject name '*.mydomain.com' does not match target host name 'myserver.ldap.mydomain.com'
* NSS error -12276
* Closing connection #0
curl: (51) SSL: certificate subject name '*.mydomain.com' does not match target host name 'myserver.ldap.mydomain.com'



Am I not able to use a wildcard SSL cert in this instance? If that is the case, what would my best course of action be?

Thanks,
-Jeff

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
05-26-2012, 08:45 PM
Patrick Morris

Using Wildcard SSL Certificate

On 5/25/2012 9:41 PM, Jeff Field wrote:

> Hello,
>
> I'm attempting to use a Wildcard SSL certificate for my domain
> with 389ds. The certificate and the CA (godaddy) intermediate cert
> import fine into both the admin server and the directory server,
> but attempts to use an LDAPS:// URI with ldapmodify result in this
> error:
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> curl gets this:
>
> curl: (51) SSL: certificate subject name '*.mydomain.com'
> does not match target host name 'myserver.ldap.mydomain.com'
>
> Am I not able to use a wildcard SSL cert in this instance? If that
> is the case, what would my best course of action be?




The problem here isn't that you're using a wildcard certificate,
it's that your wildcard certificate truly does not match your server
name.



The "*" in a wildcard certificate does not allow you to span
subdomains. *.mydomain.com would match for ldap.mydomain.com, but
if you add further names below that, it won't match.
*.ldap.mydomain.com would match and probably work correctly for you,
given the hostname you are using.
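
The single-label rule described in the reply above, as an added example that is not part of the original thread and is not the matching code used by curl or NSS. It is a simplified check in the spirit of RFC 6125; the function names are hypothetical, and the hostnames are the ones quoted in the thread.

```python
# Added example: single-label wildcard matching for certificate DNS names.
# Simplified sketch (assumption), not the implementation in NSS, curl or 389ds.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, and split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # '*' stands in for exactly one label, so the label counts must be equal.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Policy choice in this sketch: need two labels after '*' (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    # Any other use of '*' (partial label, non-leftmost label) is rejected here.
    if any("*" in label for label in p):
        return False
    return p == h

def cert_covers(cert_names, hostname):
    """Return the certificate names that cover hostname (empty list if none)."""
    return [n for n in cert_names if name_matches(n, hostname)]

def suggest_wildcard(hostname):
    """Wildcard name that would cover hostname: replace its leftmost label."""
    h = _labels(hostname)
    return ".".join(["*"] + h[1:]) if len(h) >= 3 else None

if __name__ == "__main__":
    cert = ["*.mydomain.com"]  # subject name reported by curl in the thread
    for host in ["ldap.mydomain.com", "myserver.ldap.mydomain.com"]:
        covered = cert_covers(cert, host)
        print(host, "->", covered or "no match; would need " + suggest_wildcard(host))
```

Running the same check against every hostname clients will actually use before requesting a certificate shows whether one wildcard name is enough or whether additional names are needed.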


