Rich Megginson wrote:
> I'm not sure how NSS handles certificate verification with subjectAltName. I know that in order for the validation to work without subjectAltName, the leftmost RDN in the subjectDN must be cn=FQDN of the server, e.g. cn=ldap1.example.com, ou=Fedora Directory Server, dc=example, dc=com

Yes, for server certs which are validated by the client.

> I'm also not sure if that applies to cert based auth.

It doesn't.

Ciao, Michael.

--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
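
The rule stated in the quoted message, that the leftmost RDN of the subject DN must be cn=FQDN of the server, written out in Python as an added example (not part of the thread and not NSS code). It works on the DN string form used in the message; the function names are hypothetical and subjectAltName is not consulted.

```python
import re

def split_unescaped(text, sep):
    """Split text on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts

def unescape(value):
    """Undo backslash escapes: \\, style and two-digit hex (ASCII only)."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def leftmost_cn(subject_dn):
    """Return the cn value of the leftmost RDN, or None if it has no cn."""
    first_rdn = split_unescaped(subject_dn, ",")[0]
    for ava in split_unescaped(first_rdn, "+"):   # multi-valued RDN
        attr, _, value = ava.partition("=")
        if attr.strip().lower() == "cn":
            return unescape(value.strip())
    return None

def cn_matches_host(subject_dn, host):
    """True only when the leftmost RDN is cn=<host>; DNS names compare case-insensitively."""
    cn = leftmost_cn(subject_dn)
    return cn is not None and cn.lower() == host.lower()

if __name__ == "__main__":
    # DN taken from the message above; the second DN is constructed for contrast.
    good = "cn=ldap1.example.com, ou=Fedora Directory Server, dc=example, dc=com"
    bad = "ou=Fedora Directory Server, cn=ldap1.example.com, dc=example, dc=com"
    print(cn_matches_host(good, "ldap1.example.com"))
    print(cn_matches_host(bad, "ldap1.example.com"))
```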
