TLS: hostname does not match CN in peer certificate

Posted by borjamf on Server Fault See other posts from Server Fault or by borjamf
Published on 2012-11-28T19:26:35Z Indexed on 2014/08/23 4:22 UTC
Read the original article Hit count: 532

Filed under:
|
|

im trying to connect LDAP over StartTLS but Im stuck with an issue. I've followed step by step this guide https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-tls and LDAP it's working OK as well as "ldapsearch -xZZ -h 172.25.80.144" on my Ubuntu Sever 12.04

However, in my Ubuntu Desktop 11.04 Client I get this error:

ldapsearch -x -H 172.25.80.144 -ZZ 
ldap_start_tls: Connect error (-11)
                additional info: **TLS: hostname does not match CN in peer certificate**

Server /etc/ldap/ldap.conf

 BASE dc=prueba,dc=borja
 URI  ldap://prueba.borja
 SIZELIMIT 12
 TIMELIMIT 15
 DEREF     never
 TLS_CACERT /etc/ssl/certs/ca-certificates.crt

Client /etc/ldap.conf

 ssl start_tls
 tls_checkpeer no

/etc/ldap/ldap.conf

 BASE dc=prueba,dc=borja
 URI  ldap://prueba.borja
 SIZELIMIT 12
 TIMELIMIT 15
 DEREF never
 TLS_REQCERT allow

Anybody could tell me how to fix this? I think that the hostname its ok.

Thanks!

© Server Fault or respective owner

Related posts about ldap

Related posts about certificate