TLS: hostname does not match CN in peer certificate
Posted by borjamf on Server Fault
Published on 2012-11-28T19:26:35Z
Indexed on 2014/08/23 4:22 UTC
I'm trying to connect to LDAP over StartTLS but I'm stuck with an issue. I've followed this guide step by step: https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-tls and LDAP is working OK, as is "ldapsearch -xZZ -h 172.25.80.144" on my Ubuntu Server 12.04.
However, on my Ubuntu Desktop 11.04 client I get this error:
ldapsearch -x -H 172.25.80.144 -ZZ
ldap_start_tls: Connect error (-11)
additional info: **TLS: hostname does not match CN in peer certificate**
Server /etc/ldap/ldap.conf
BASE dc=prueba,dc=borja
URI ldap://prueba.borja
SIZELIMIT 12
TIMELIMIT 15
DEREF never
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Client /etc/ldap.conf
ssl start_tls
tls_checkpeer no
/etc/ldap/ldap.conf
BASE dc=prueba,dc=borja
URI ldap://prueba.borja
SIZELIMIT 12
TIMELIMIT 15
DEREF never
TLS_REQCERT allow
Could anybody tell me how to fix this? I think that the hostname is OK.
Thanks!
© Server Fault or respective owner
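An added example, not part of the original post and not OpenLDAP's own code: a simplified Python model of the name check behind this error, comparing the name the client connected to against the certificate's CN and subjectAltName entries. The certificate CN `prueba.borja` is an assumption taken from the URI in the post, and the function names are hypothetical.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' may replace the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return p == h

def check_peer_name(target, cn, san_dns=(), san_ip=()):
    """Return (ok, reason) for the connection target versus the certificate names."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # Connecting by IP: a hostname in the CN can never satisfy the check.
        if any(ipaddress.ip_address(i) == addr for i in san_ip):
            return True, "IP matches subjectAltName iPAddress"
        return False, "connected by IP, certificate has no matching iPAddress"
    if san_dns:
        # When dNSName entries exist they take precedence over the CN.
        if any(_dns_match(n, target) for n in san_dns):
            return True, "hostname matches subjectAltName dNSName"
        return False, "hostname matches no subjectAltName dNSName"
    if cn and _dns_match(cn, target):
        return True, "hostname matches CN"
    return False, "hostname does not match CN"

if __name__ == "__main__":
    CERT_CN = "prueba.borja"  # assumed CN, constructed for this example
    for target in ("172.25.80.144", "prueba.borja"):
        ok, reason = check_peer_name(target, CERT_CN)
        print(f"{target:>15}: {'OK' if ok else 'FAIL'} ({reason})")
```

To see the names a real server certificate carries, `openssl x509 -noout -subject -in <cert.pem>` prints the subject, including the CN.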