On Tue, 21 Jun 2022, Alex Bihlmaier via FreeIPA-users wrote:
Hiya.
I am running IPA server 4.6.8-5 on CentOS 7 and there is an issue registering a CentOS 8 client to this IPA System.
When using CentOS 7 registering works flawlessly.
On CentOS 8 it fails because:

  Unable to initialize STARTTLS session
  Connect error: TLS: hostname does not match subjectAltName in peer certificate
  Failed to bind to server!
  Retrying with pre-4.0 keytab retrieval method...
  Unable to initialize STARTTLS session
  Connect error: TLS: hostname does not match subjectAltName in peer certificate
  Failed to bind to server!
  Failed to get keytab

I will attach the complete log.

You have replaced the HTTP certificate but probably did not replace the LDAP one, is that correct?
Can you show what certificate is used by the LDAP server?
certutil -d /etc/dirsrv/slapd-INSTANCE/ -L -n Server-Cert
where INSTANCE is your instance value, e.g. for example.com that would be EXAMPLE-COM
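
The client error quoted above means the name used to reach the LDAP server is not covered by the DNS names in the subjectAltName of the certificate it presents. The sketch below is an added example, not part of the original thread and not OpenLDAP or FreeIPA code: it applies RFC 6125-style matching to DNS names read from the `certutil` output, and all hostnames in it are constructed samples.

```python
# Added illustration: does the hostname a client connects to match any
# dNSName entry in the server certificate's subjectAltName?
# Assumption: RFC 6125-style rules (case-insensitive, a wildcard only as
# the whole left-most label). Real TLS libraries may differ in details.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """True if a single SAN dNSName entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and must be followed by
        # at least two more labels, so "*.com" never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "ip*.example.com" are treated as literals.
    return p == h


def check_ldap_cert(hostname: str, san_dns_names: list) -> tuple:
    """Return (ok, reason) for the name the client uses to reach LDAP."""
    if not san_dns_names:
        return False, "certificate has no dNSName subjectAltName entries"
    for name in san_dns_names:
        if dns_name_matches(name, hostname):
            return True, f"matched SAN entry {name}"
    return False, f"{hostname} is not covered by {sorted(san_dns_names)}"


if __name__ == "__main__":
    # Constructed sample: the server is reached as ipa.example.com, but the
    # LDAP certificate only lists a different name.
    for sans in (["www.example.com"], ["*.example.com"], []):
        print(sans, "->", check_ldap_cert("ipa.example.com", sans))
```
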