Sorry spell checker on my phone did some thing going strange it replaced CNAME with came.
So in the alternative CNAME scenario the subject can match a CNAME in the DNS but that CNAME must match an A record with a matching reverse lookup record for the forward A record.

You can also use /etc / hosts files to work around this on Windows it's located in C:\windows\system32\etc


Sent from my BlackBerry - the most secure mobile device
From: prmarino1@gmail.com
Sent: October 10, 2017 6:06 AM
To: 389-users@lists.fedoraproject.org
Cc: stella.leloch@urssaf.fr
Subject: Re: [389-users] 389DS console with HTTPS

This is a general SSL TLS thing.
In general the host must be resolvable Via a A record in the DNS which matches both a forward and reverse lookup. Alternatively you can use a came for the forward lookup but it must map to a A record which has a matching reverse lookup record to the A record the came points to.

Sent from my BlackBerry - the most secure mobile device
Sent: October 10, 2017 2:54 AM
Subject: [389-users] 389DS console with HTTPS



Hello,

Is it possible to secure communication between my 389DS console on my Window7 client computer and my 389-admin server on my Centos Server ?
I want to use HTTPS instead HTTP.
Is there any limitation between the server's FQDN and the subject of the Centos HTTPS server certificate ?

You will find below releases and versions of my main 389 components:
  • Centos Linux release 7.3.1611 (Core)
  • 389-admin Version: 1.1.46 Release: 1.el7
  • 389-ds-base Version: 1.3.5.10 Release 15.el7_3
  • 389-admin-console Version 1.1.12 Release 1.el7
  • 389-console Version 1.1.18 Release 1.el7
  • 389 Management Console on Windows 7: Console Framework  1.1.14
Best regards,

Vincent CAZAUBON
Centre informatique - Cirti
SI-SECURITE
Architecture/intégrateur ldap
2 rue de Coulongé CS 61911 44319 NANTES Cedex 03
vincent.cazaubon@urssaf.fr

Contribuons au respect de l'environnement, n'imprimez ce courriel qu'en cas de nécessité et ayez le réflexe recto-verso