Re: [389-users] Using Wildcard SSL Certificate
On 5/25/2012 9:41 PM, Jeff Field wrote:
Hello,
I'm attempting to use a Wildcard SSL certificate for my domain with
389ds. The certificate and the CA (godaddy) intermediate cert import
fine into both the admin server and the directory server, but attempts
to use an LDAPS:// URI with ldapmodify result in this error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
curl gets this:
curl: (51) SSL: certificate subject name '*.mydomain.com
<http://mydomain.com>' does not match target host name
'myserver.ldap.mydomain.com <http://myserver.ldap.mydomain.com>'
Am I not able to use a wildcard SSL cert in this instance? If that is
the case, what would my best course of action be?
The problem here isn't that you're using a wildcard certificate, it's
that your wildcard certificate truly does not match your server name.
The "*" in a wildcard certificate does not allow you to span
subdomains. *.mydomain.com would match for ldap.mydomain.com, but if
you add further names below that, it won't match. *.ldap.mydomain.com
would match and probably work correctly for you, given the hostname you
are using.
Attachments:
- attachment.html (text/html — 1.8 KB)