directory-users mailing list archives

From Kiran Ayyagari <>
Subject Re: TLS: hostname does not match common name in certificate (apacheds).
Date Sun, 19 Jan 2014 15:39:35 GMT
On Tue, Jan 14, 2014 at 9:15 AM, Richard U <> wrote:

> I have set up ApacheDS to use StartTLS and I can connect to it without
> problem from Apache Directory Studio using the encryption method "Use
> StartTLS extension" without problem.
> I am not trying to configure my Ubuntu client to LDAP bind with this
> ApacheDS server for user authentication.  I can bind without encryption.
>  But when I set up to use "ssl start_tls" in my ldap.conf file, I got the
> following error message
> TLS: hostname (....) does not match common name in certificate (apacheds).
> I have appended the "userCertificate" of "uid=admin,ou=system" to
> /etc/ssl/certs/ca-certificate.
> I know that I can resolve this by setting the record for "apacheds" to
> refer to the server IP address in /etc/hosts.  However, this is not what I want.
>  I want to use the full domain name to connect to the server.
> What is the right way to approach this problem?  Shall I replace the
> "userCertificate" value with another certificate?  How to achieve that?
>  Also, the certificate shown in this field expires in 1 year?  How shall we
> maintain it?

You need to create[1] a self-signed certificate and then replace the
attribute's value with this new certificate.


> Sorry, I am new to using certificates.  Thanks for answering my question.

Kiran Ayyagari
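
An added example, not part of the original thread: a shell sketch that reproduces the name mismatch reported above and checks a replacement self-signed certificate against the name the client connects to. The host name `ldap.example.com`, the file names and the helper functions are constructed placeholders; it assumes OpenSSL 1.1.1 or later, and loading the certificate into ApacheDS is not shown.

```shell
#!/bin/sh
# Added example; host names and file paths are constructed placeholders.

# make_cert NAME DIR: create a self-signed certificate whose subject CN and
# subjectAltName both carry NAME. Writes DIR/key.pem and DIR/cert.pem.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# cert_matches CERT HOST: succeed only if CERT is valid for HOST, the same
# kind of comparison the LDAP client performs after StartTLS.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# demo: compare a certificate named "apacheds" (the name in the error
# message) with one issued for the full domain name the client uses.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/old" "$dir/new"
    make_cert apacheds "$dir/old"
    make_cert ldap.example.com "$dir/new"   # constructed FQDN
    for c in old new; do
        if cert_matches "$dir/$c/cert.pem" ldap.example.com; then
            echo "$c: certificate matches ldap.example.com"
        else
            echo "$c: hostname does not match certificate"
        fi
    done
    # Show the expiry date so renewal can be scheduled before it lapses.
    openssl x509 -in "$dir/new/cert.pem" -noout -enddate
    rm -rf "$dir"
}

demo
```

Running the same `-checkhost` test on the certificate the server actually presents, before changing any client configuration, shows whether the name in `ldap.conf` will be accepted.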
