On 5/25/2012 9:41 PM, Jeff Field wrote:
Hello,
I'm attempting to use a Wildcard SSL certificate for my domain
with 389ds. The certificate and the CA (godaddy) intermediate cert
import fine into both the admin server and the directory server,
but attempts to use an LDAPS:// URI with ldapmodify result in this
error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
curl gets this:
curl: (51) SSL: certificate subject name '*.mydomain.com'
does not match target host name 'myserver.ldap.mydomain.com'
Am I not able to use a wildcard SSL cert in this instance? If that
is the case, what would my best course of action be?
The problem here isn't that you're using a wildcard certificate,
it's that your wildcard certificate truly does not match your server
name.
The "*" in a wildcard certificate does not allow you to span
subdomains. *.mydomain.com would match for ldap.mydomain.com, but
if you add further names below that, it won't match.
*.ldap.mydomain.com would match and probably work correctly for you,
given the hostname you are using.