[389-users] Using Wildcard SSL Certificate

Patrick Morris patrick.morris at hp.com
Sat May 26 20:45:11 UTC 2012


On 5/25/2012 9:41 PM, Jeff Field wrote:
> Hello,
> I'm attempting to use a Wildcard SSL certificate for my domain with 
> 389ds. The certificate and the CA (godaddy) intermediate cert import 
> fine into both the admin server and the directory server, but attempts 
> to use an LDAPS:// URI with ldapmodify result in this error:
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> curl gets this:
>
> curl: (51) SSL: certificate subject name '*.mydomain.com' does not match target host name 'myserver.ldap.mydomain.com'
>
> Am I not able to use a wildcard SSL cert in this instance? If that is 
> the case, what would my best course of action be?

The problem here isn't that you're using a wildcard certificate, it's 
that your wildcard certificate truly does not match your server name.

The "*" in a wildcard certificate does not allow you to span 
subdomains.  *.mydomain.com would match for ldap.mydomain.com, but if 
you add further names below that, it won't match.  *.ldap.mydomain.com 
would match and probably work correctly for you, given the hostname you 
are using.
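The one-label rule Patrick describes is what every TLS client (curl, the OpenLDAP libraries, browsers) applies when it compares a certificate's dNSName entries against the host it is connecting to: the "*" may only be the whole left-most label, and it stands in for exactly one label. The Python below is an added illustration of that matching rule, not code from the thread or from 389-ds; the certificate name lists and hostnames in it are constructed to mirror the names in this thread, and the helper names are my own.

```python
"""Certificate hostname matching with wildcards, following the rules in
RFC 6125 section 6.4.3 (and the older RFC 2818 text curl and OpenLDAP
implement). Added example, not part of the 389-users thread or 389-ds."""


def _labels(name: str) -> list:
    # Comparison is case-insensitive; a trailing dot (FQDN form) is ignored.
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name `pattern` (CN or SAN dNSName) covers
    `hostname`.

    Rules applied:
      - a wildcard must be the entire left-most label ("*.mydomain.com");
        "my*.mydomain.com" and "ldap.*.mydomain.com" are rejected
      - the wildcard matches exactly one label: never zero, never several,
        so "*.mydomain.com" does not cover "mydomain.com" or
        "myserver.ldap.mydomain.com"
      - a wildcard directly under a TLD ("*.com") is refused
    """
    p_labels = _labels(pattern)
    h_labels = _labels(hostname)

    # Empty labels (e.g. "a..b") are never valid on either side.
    if any(not lbl for lbl in p_labels + h_labels):
        return False

    if "*" not in pattern:
        return p_labels == h_labels

    # Wildcard only as the whole first label, and nowhere else.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False

    # "*.com" would cover every domain under the TLD; refuse it.
    if len(p_labels) < 3:
        return False

    # Exactly one label is consumed by "*", so label counts must agree
    # and everything to the right of it must match literally.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def matching_name(cert_names: list, hostname: str):
    """Return the first certificate name that covers `hostname`, or None.
    `cert_names` is the list a client would build from the SAN dNSName
    entries plus the subject CN."""
    for name in cert_names:
        if wildcard_matches(name, hostname):
            return name
    return None


if __name__ == "__main__":
    # Constructed inputs mirroring the thread: the GoDaddy wildcard as issued,
    # and the hostname the LDAP client actually connects to.
    host = "myserver.ldap.mydomain.com"
    issued = ["*.mydomain.com"]
    needed = ["*.ldap.mydomain.com"]
    print("issued cert covers host:", matching_name(issued, host))   # None
    print("needed cert covers host:", matching_name(needed, host))   # *.ldap.mydomain.com
```

Running it reproduces the failure in the thread: "*.mydomain.com" covers "ldap.mydomain.com" but returns no match for "myserver.ldap.mydomain.com", while "*.ldap.mydomain.com" does. A quick way to see which names a server is actually presenting before reissuing anything is to read the SAN list out of the certificate with the openssl x509 command and run each entry through a check like this one.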