[389-users] secure replication failing

Elizabeth Jones bajones at panix.com
Fri Aug 22 14:34:53 UTC 2014


>
> On 08/20/2014 03:58 PM, Elizabeth Jones wrote:
>> additional info -
>> I increased logging on my supplier and see this error now -
>>
>> TLS: hostname does not match CN in peer certificate
>>
>> When I created the replication agreement, it is giving me a default
>> consumer, I don't know why. The default is ldap1.mycompany.com:389.
>>
>> The certificate from ldap1 has just ldap1 as the name.  I entered ldap1
>> and port 636 when I created the agreement, but after I do this it
>> becomes
>> ldap1.mycompany.com:636.  Would this be why it's failing, it wants the
>> certificate to have ldap1.mycompany.com in it rather than ldap1?
> Correct, you need to use the fully qualified domain name for certificates.
>
> Regards,
> Mark

ok - what is confusing to me is that another server is able to replicate
successfully to this server using this cert.  I used the same script to
generate the certs on all 4 servers, the setupssl2.sh script.
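
Added example, not part of the original thread: a simplified hostname check modelled on RFC 6125 rules (not the code of 389 Directory Server or its TLS library), showing that a certificate naming only `ldap1` fails when the connection is made to `ldap1.mycompany.com`, and that the same certificate passes or fails depending on the name the client connects with. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; all certificates and helper names here are constructed for illustration.

```python
# Simplified hostname verification (assumption: RFC 6125 style rules).
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().


def _name_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if p == h:
        return True
    p_labels, h_labels = p.split("."), h.split(".")
    # A wildcard covers exactly one label and never a bare TLD ("*.com").
    return (p_labels[0] == "*" and len(p_labels) > 2
            and len(p_labels) == len(h_labels)
            and p_labels[1:] == h_labels[1:])


def cert_names(cert):
    """Names used for the check: SAN dNSName entries if any, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when dNSName entries exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_matches(cert, host):
    """True if the name the client connects to is covered by the certificate."""
    return any(_name_match(name, host) for name in cert_names(cert))


# Constructed sample certificates (not taken from the servers in the thread).
SHORT_CN = {"subject": ((("commonName", "ldap1"),),)}
FQDN_CN = {"subject": ((("commonName", "ldap1.mycompany.com"),),)}
BOTH_SAN = {"subject": ((("commonName", "ldap1"),),),
            "subjectAltName": (("DNS", "ldap1.mycompany.com"), ("DNS", "ldap1"))}

if __name__ == "__main__":
    for label, cert in (("short CN", SHORT_CN), ("FQDN CN", FQDN_CN),
                        ("CN + SANs", BOTH_SAN)):
        for host in ("ldap1", "ldap1.mycompany.com"):
            print(f"{label:10} connect to {host:22} ->",
                  "match" if hostname_matches(cert, host) else "MISMATCH")
```
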



