On Tue, Jan 14, 2014 at 9:15 AM, Richard U <[email protected]> wrote:
> I have set up ApacheDS to use StartTLS and I can connect to it without
> problem from Apache Directory Studio using the encryption method "Use
> StartTLS extension" without problem.
> I am not trying to configure my Ubuntu client to LDAP bind with this
> ApacheDS server for user authentication. I can bind without encryption.
> But when I set up to use "ssl start_tls" in my ldap.conf file, I got the
> following error message
>
> TLS: hostname (....) does not match common name in certificate (apacheds).
>
> I have appended the "userCertificate" of "uid=admin,ou=system" to
> /etc/ssl/certs/ca-certificate.
>
> I know that I can resolve this by setting the record for "apacheds" to
> refer to the server IP address in /etc/hosts. However, this is not what I want.
> I want to use the full domain name to connect to the server.
>
> What is the right way to approach this problem? Shall I replace the
> "userCertificate" value with another certificate? How to achieve that?
> Also, the certificate shown in this field expires in 1 year? How shall we
> maintain it?
>

you need to create[1] a self-signed certificate and then replace the
'userCertificate' attribute's value with this new certificate

[1] https://www.openssl.org/docs/HOWTO/certificates.txt

> Sorry, I am new to using certificates. Thanks for answering my question.
>

--
Kiran Ayyagari
http://keydap.com
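
An added example, not part of the original thread: one way to create the self-signed certificate the reply describes so that its name matches the full domain name, then run the same hostname comparison the client makes and check how long the certificate has left. The hostname ldap.example.com, the file names and the 365-day lifetime are assumptions; the subjectAltName entry is an addition to what the reply describes, and loading the result into ApacheDS is not shown.

```shell
#!/usr/bin/env bash
# Added example: hostname, file names and lifetime are constructed placeholders.
set -eu

FQDN="ldap.example.com"   # assumed: the name clients use in the ldap.conf URI
DAYS=365                  # certificate lifetime; reissue before it runs out

# Create a key and a self-signed certificate whose CN and subjectAltName
# both carry the FQDN, so hostname verification has a name to match.
make_cert() {  # make_cert <fqdn> <outdir>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/server.key" -out "$2/server.crt" 2>/dev/null
    chmod 600 "$2/server.key"   # private key stays readable by its owner only
}

# True only if the certificate is valid for <name>; this is the comparison
# that produced "hostname (...) does not match common name" on the client.
cert_matches() {  # cert_matches <cert> <name>
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# True if the certificate expires within <days>; suitable for a cron check
# that warns ahead of the yearly expiry.
expires_within() {  # expires_within <cert> <days>
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demonstration in a throwaway directory.
tmp=$(mktemp -d)
make_cert "$FQDN" "$tmp"
cert_matches "$tmp/server.crt" "$FQDN"  && echo "match: $FQDN"
cert_matches "$tmp/server.crt" apacheds || echo "no match: apacheds"
expires_within "$tmp/server.crt" 30     || echo "more than 30 days left"
openssl x509 -in "$tmp/server.crt" -noout -subject -enddate
```

Because the certificate is self-signed, each client also has to trust server.crt itself, as the original poster did by adding the old certificate to the client's CA bundle.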
