
Thread: TLS : hostname does not match CN in peer certificate

  1. #11

    Re: TLS : hostname does not match CN in peer certificate

    thx & lol ...

    I did that downloading thing (entered file:///root/myvert.pem and it saved my file to /etc/openldap/cacert/...) and after this - I'm back at "hostname does not match CN in peer certificate" :-D

    tia

  2. #12
    Join Date: Sep 2009 | Location: UK | Posts: 302

    Re: TLS : hostname does not match CN in peer certificate

    Just a thought ... see my 'note 1' in the previous post

    I know this isn't an answer to your problem but I gave
    up on opensuse as a server - We are a school so we
    can get Novell Suse really cheap - if you can find a
    way to get it we have found that opensuse clients
    and Novell Suse servers work really well

  3. #13

    Re: TLS : hostname does not match CN in peer certificate

    Hi everyone. Sorry to open this up again. opensuse 11.4

    I have tried all the combinations of the methods described above but still I get the error: hostname does not match CN in peer certificate.

    My hostname is hh1.com. My DN is cn=admin,dc=com.

    I have ldap working fine without tls.

    My question is: what should the CN in the peer certificate be for me?

    Thanks.

  4. #14
    Join Date: Sep 2009 | Location: UK | Posts: 302

    Re: TLS : hostname does not match CN in peer certificate

    I did get it working eventually. I'll rebuild the setup tomorrow at work and get back to you

    M

  5. #15
    Join Date: Sep 2009 | Location: UK | Posts: 302

    Re: TLS : hostname does not match CN in peer certificate

    Sorry I didn't get back to you yesterday. My employer keeps making me do boring stuff like work.

    OK, I knocked together an opensuse ldapserver/nfs/automount etc more or less the same way
    as I do a Novell Suse with an opensuse 12.1 client and it all worked as advertised. The
    only thing that happened is I had your error once when I forgot to use the fqdn and
    used the ip address instead. I think the moral of the story is NEVER use anything
    other than the fqdn in anything for both server and client and it seems to work just
    fine.

    It doesn't seem to matter what you call the Root CA as long as the server certificate
    common name is the same as the machine ( you could look at one of my other
    posts 'hostname vs fqdn' - I always make them the same. You might get odd results if
    they are different ) There is another post of mine called 'Certificates' to which a guy
    wrote a blog called Certificates for Dummies that is very interesting and informative.

    I also noticed that if you ever use the ip address on the client end it's very difficult
    to get it to forget that and use the fqdn

    Anyway maybe that will help ( or maybe not, but at least I tried )

    M
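
Added example, not part of the original thread and not OpenLDAP's own code: a simplified model of the name check behind this error, showing why the FQDN passes while the short hostname or the IP address fails against a certificate whose CN is the FQDN. The host name `ldap1.example.com`, the address `192.0.2.10`, and the rule order (subjectAltName entries first, then the subject CN) are assumptions made for illustration.

```python
import ipaddress

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
CERT_CN_ONLY = {"subject": ((("commonName", "ldap1.example.com"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "ldap1.example.com"),),),
    "subjectAltName": (("DNS", "ldap1.example.com"), ("IP Address", "192.0.2.10")),
}


def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive label compare; '*' may replace the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])


def check_peer_name(cert, connect_name):
    """Return (ok, reason) for the host part of the client's ldap:// URI."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(connect_name):
        want = ipaddress.ip_address(connect_name)
        if any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in sans):
            return True, "matched iPAddress subjectAltName"
        return False, "connected by IP, certificate has no matching iPAddress entry"
    if any(k == "DNS" and _dns_match(v, connect_name) for k, v in sans):
        return True, "matched dNSName subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if cns and _dns_match(cns[-1], connect_name):
        return True, "matched subject CN"
    return False, "hostname does not match CN in peer certificate"


if __name__ == "__main__":
    for name in ("ldap1.example.com", "ldap1", "192.0.2.10"):
        print(name, check_peer_name(CERT_CN_ONLY, name), check_peer_name(CERT_WITH_SAN, name))
```

The name being checked is whatever the client was told to connect to, so the same certificate can pass for one client configuration and fail for another.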
