On 06/23/2015 01:29 AM, Sumit Bose wrote:
There might be various reasons, e.g. if your certificate has the Subject
Alternative Name attributes set, it has to match the fully qualified
domain name of your LDAP server. The issue in the KB article was about
missing the Basic Constraint Extension in self-signed certificates, but
it says that this is fixed in recent OpenLDAP versions.
Thanks! You mentioned the Subject Alternative Name but I am not using
that in my cert. In my case I had to set the Common Name (CN) to the
FQDN of the server. After I generated a new cert with the correct CN it
started working.
I'm not sure where the error message itself comes from (openssl?), but
it was not in any way indicative of what the problem was.
Chris
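
As an added example (not part of either message, and not OpenLDAP or OpenSSL code), the Python below applies the host-name rule discussed in this thread to certificate fields in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`, and reports which field decided the result, the detail the error message left out. The certificates and host names are constructed, and the rule that DNS subjectAltName entries take precedence over the CN is an assumption following RFC 6125-style matching; a particular TLS library may differ in details.

```python
# Constructed example: certificates use the dict layout of ssl.SSLSocket.getpeercert().

def names_for_check(cert):
    """Return (field, names) that get compared to the server host name."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:  # assumed RFC 6125-style rule: DNS SANs present, CN not consulted
        return "subjectAltName", sans
    cns = [v for rdn in cert.get("subject", ()) for key, v in rdn
           if key == "commonName"]
    return "commonName", cns

def name_matches(pattern, host):
    """Case-insensitive match; '*' only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*.") and "." in h:
        return h.split(".", 1)[1] == p[2:]
    return False

def diagnose(cert, host):
    """Return (ok, field, message) naming the field that decided the result."""
    field, names = names_for_check(cert)
    if not names:
        return False, field, "certificate has no DNS subjectAltName and no CN"
    if any(name_matches(n, host) for n in names):
        return True, field, f"{host} matches {field}"
    return False, field, f"{host} does not match {field} {names}"

# Constructed sample certificates (hypothetical names under example.com).
SHORT_CN = {"subject": ((("commonName", "ldap"),),)}
FQDN_CN = {"subject": ((("commonName", "ldap.example.com"),),)}
SAN_OTHER = {"subject": ((("commonName", "ldap.example.com"),),),
             "subjectAltName": (("DNS", "directory.example.com"),)}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),)}

if __name__ == "__main__":
    for label, cert in [("short CN", SHORT_CN), ("FQDN CN", FQDN_CN),
                        ("SAN set, other name", SAN_OTHER),
                        ("wildcard CN", WILDCARD)]:
        ok, field, msg = diagnose(cert, "ldap.example.com")
        print(f"{label:22} {'OK' if ok else 'FAIL'}  {msg}")
```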