The problem ended up being that the CA certificate did not have the CA flag set, which one of my co-workers discovered. The SSL connections worked fine once that was remedied with a correct CA certificate. We suspect that without the CA flag set the SSL verification process mistook it for the server certificate itself, resulting in the error indicating a mismatch in the CN of the CA certificate and the FQDN of the server.

Thank you to those individuals that shared your thoughts on this with me.

--
Michael H. Buselli
mbuselli@cccis.com

=======

Hello,

I cannot get nss_ldap or ldapclient (Solaris 10 client, native commands) to work right when the LDAP server uses TLS and a CA-signed server certificate (works fine if I use a self-signed server cert). Has anyone encountered this problem and/or know how to fix it?

The error I get when using a CA-signed cert is:

Mar 3 00:20:45 conjunct ldapsearch[22589]: [ID 605618 user.error] libldap: CERT_VerifyCertName: cert server name 'cccis certificate authority' does not match 'cccqadc-1.qawin.cccis.com': SSL connection denied

Both certificates were added to the cert7.db files during testing. I used both Windows (W2K3 Active Directory) and Linux (OpenLDAP) for the servers during testing. Non-Solaris clients (such as OpenLDAP ldapsearch and the LDAP Browser-Editor by Jarek Gawor) work fine with either kind of certificate.

Thank you!

--
Michael H. Buselli
mbuselli@cccis.com

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Fri Mar 4 12:51:22 2005
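Added example, not part of the original post: a POSIX shell check for the condition the summary identifies, the basicConstraints CA flag on a CA certificate, run before the certificate is loaded into a client trust store. It assumes OpenSSL is installed and the certificate is available as a PEM file; the function names, file names and the two test certificates are constructed for illustration.

```shell
#!/bin/sh
# Report the basicConstraints CA flag of a PEM certificate.
# Prints: true | false | absent (absent = no basicConstraints extension found).
ca_flag() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    bc=$(printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | tail -n 1)
    case "$bc" in
        *CA:TRUE*)  echo true ;;
        *CA:FALSE*) echo false ;;
        *)          echo absent ;;
    esac
}

# Build two constructed self-signed certificates that differ only in the CA flag.
make_samples() {   # $1 = output directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[ext_ca]
basicConstraints = critical, CA:TRUE
[ext_noca]
basicConstraints = CA:FALSE
EOF
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null || return 1
    for ext in ext_ca ext_noca; do
        openssl req -x509 -new -key "$1/key.pem" -config "$1/req.cnf" \
            -extensions "$ext" -days 1 -out "$1/$ext.pem" || return 1
    done
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_samples "$dir"
for ext in ext_ca ext_noca; do
    # Only a result of "true" is suitable for a certificate used as a signing CA.
    echo "$ext.pem: CA flag $(ca_flag "$dir/$ext.pem")"
done
```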