On Tue, Jun 23, 2015 at 03:23:35PM -0600, Chris Lajoie wrote:
> On 06/23/2015 01:29 AM, Sumit Bose wrote:
>> There might be various reasons, e.g. if your certificate has the Subject
>> Alternative Name attributes set, it has to match the fully qualified
>> domain name of your LDAP server. The issue in the KB article was about
>> missing the Basic Constraint Extension in self-signed certificates, but
>> it says that this is fixed in recent OpenLDAP versions.
> Thanks! You mentioned the Subject Alternative Name but I am not using that
> in my cert. In my case I had to set the Common Name (CN) to the FQDN of the
> server. After I generated a new cert with the correct CN it started working.
> I'm not sure where the error message itself comes from (openssl?), but it
> was not in any way indicative of what the problem was.
Thank you for the feedback. Btw the error message came from NSS in this
case, but other LDAP client libraries might use OpenSSL as well.
sssd-users mailing list
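
The name-matching rule discussed in this thread, as an added example that is not part of the original messages and is not NSS, OpenSSL or OpenLDAP code. It is a simplified RFC 2818-style check (dNSName entries in the Subject Alternative Name take precedence; the CN is consulted only when no SAN is present), and the host names and certificate contents are constructed for illustration.

```python
# Added example: simplified server-identity check for a TLS/LDAPS client.
# Real libraries (NSS, OpenSSL) differ in details; this shows only the
# SAN-before-CN precedence and why a short-name CN fails against an FQDN.

def dns_name_matches(pattern, hostname):
    """Case-insensitive compare; '*' is allowed only as the whole left-most label."""
    if not pattern or not hostname:
        return False
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs a parent of 2+ labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_server_identity(hostname, san_dns_names, common_name):
    """Return (ok, reason) for the name the client connected to."""
    if san_dns_names:
        for name in san_dns_names:
            if dns_name_matches(name, hostname):
                return True, "matched SAN dNSName %r" % name
        # SAN present: the CN is not used as a fallback.
        return False, "SAN present, no dNSName matches %r (CN ignored)" % hostname
    if dns_name_matches(common_name, hostname):
        return True, "no SAN, matched CN %r" % common_name
    return False, "no SAN and CN %r does not match %r" % (common_name, hostname)

# Constructed sample certificates: (SAN dNSNames, subject CN).
SAMPLE_CERTS = {
    "short-name CN":       ([], "ldap"),
    "FQDN CN":             ([], "ldap.example.com"),
    "FQDN CN, other SAN":  (["ldap01.example.com"], "ldap.example.com"),
    "wildcard SAN":        (["*.example.com"], "ldap"),
}

def run_samples(hostname="ldap.example.com"):
    """Check every sample certificate against the configured server name."""
    return {label: check_server_identity(hostname, san, cn)
            for label, (san, cn) in SAMPLE_CERTS.items()}

if __name__ == "__main__":
    for label, (ok, reason) in run_samples().items():
        print("%-20s %-4s %s" % (label, "OK" if ok else "FAIL", reason))
```

The `hostname` argument is the name from the client's LDAP URI, so a certificate that is valid for the FQDN still fails when the client is configured with a short name or an IP address.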