[EMAIL PROTECTED] (Emmanuel Dreyfus) writes:

> Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
>
>> > Is there some kind of trick to get this done properly?
>> Use a cert with a correct subjectAltName, or a wildcard cert.
>
> For future reference:
>
> Assuming we have in the DNS the following RR:
> foo IN A 192.0.2.11
> bar IN A 192.0.2.12
> ldap 1 IN A 192.0.2.11
> ldap 1 IN A 192.0.2.12
>
> Create certificate for foo:
> subjectAltName=DNS:ldap.example.net,DNS:foo.example.net
> CN=ldap.example.net
>
> Create certificate for bar:
> subjectAltName=DNS:ldap.example.net,DNS:bar.example.net
> CN=ldap.example.net
I know that the subjectAltName type DNS is recommended, but RFC 4513 refers to type dNSName. Is there any reason that OpenLDAP requires type DNS?

-Dieter

--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
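As an added illustration of the naming question and of the certificate layout quoted above (example code written for this page, not OpenLDAP's own implementation): the `DNS:` prefix in an OpenSSL `subjectAltName` line is OpenSSL's configuration syntax for a GeneralName of type dNSName, so "type DNS" and "type dNSName" denote the same SAN entry. The script translates that syntax into the X.509 type names, then checks the name a client connected to against the two round-robin certificates from the thread, following the server identity rules of RFC 4513 section 6.1 (dNSName entries first, iPAddress for connections by address, the single-label wildcard rule, and the deprecated CN comparison as a fallback). The certificate values come from the quoted message; the function names and the choice to consult the CN only when the certificate carries no name of the relevant type are this example's own assumptions.

```python
"""Server identity check for an LDAP-over-TLS client, RFC 4513 section 6.1 style.

Added example; the names and values marked below are constructed, not OpenLDAP code.
"""
import ipaddress

# OpenSSL subjectAltName prefix -> X.509 GeneralName type (RFC 5280 section 4.2.1.6).
OPENSSL_SAN_TYPES = {
    "DNS": "dNSName",
    "IP": "iPAddress",
    "email": "rfc822Name",
    "URI": "uniformResourceIdentifier",
}


def parse_openssl_san(value):
    """Turn 'DNS:a.example.net,IP:192.0.2.11' into [('dNSName', 'a.example.net'), ...]."""
    names = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        prefix, _, name = item.partition(":")
        if prefix not in OPENSSL_SAN_TYPES:
            raise ValueError(f"unsupported subjectAltName prefix: {prefix!r}")
        names.append((OPENSSL_SAN_TYPES[prefix], name))
    return names


def dns_name_matches(pattern, hostname):
    """Case-insensitive dNSName comparison.

    A '*' is allowed only as the whole left-most label and matches exactly one
    label, so '*.example.net' matches foo.example.net but not example.net or
    a.b.example.net (RFC 4513 section 6.1).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 2 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def server_identity_matches(connect_target, san_names, subject_cn=None):
    """Return True if the host name or IP the client connected to matches the cert.

    dNSName entries are authoritative for a connection by name and iPAddress
    entries for a connection by address; the subject CN is consulted only when
    the certificate has no entry of that type (assumption: stricter ordering).
    """
    try:
        target_ip = ipaddress.ip_address(connect_target)
    except ValueError:
        target_ip = None

    if target_ip is not None:
        ips = [v for t, v in san_names if t == "iPAddress"]
        if ips:
            return any(ipaddress.ip_address(v) == target_ip for v in ips)
    else:
        dns = [v for t, v in san_names if t == "dNSName"]
        if dns:
            return any(dns_name_matches(v, connect_target) for v in dns)
    # Deprecated fallback: compare the subject CN with the same DNS rules.
    return subject_cn is not None and dns_name_matches(subject_cn, connect_target)


# The two certificates from the quoted message: the shared service name plus
# each member's own host name, so either name a client uses can be verified.
FOO_CERT = ("ldap.example.net", parse_openssl_san("DNS:ldap.example.net,DNS:foo.example.net"))
BAR_CERT = ("ldap.example.net", parse_openssl_san("DNS:ldap.example.net,DNS:bar.example.net"))


def check_round_robin(connect_target):
    """Which round-robin members' certificates would a client accept for this target?"""
    return {
        "foo": server_identity_matches(connect_target, FOO_CERT[1], FOO_CERT[0]),
        "bar": server_identity_matches(connect_target, BAR_CERT[1], BAR_CERT[0]),
    }


if __name__ == "__main__":
    for target in ("ldap.example.net", "foo.example.net", "bar.example.net", "192.0.2.11"):
        print(target, check_round_robin(target))
```

Connecting to `ldap.example.net` is accepted by both certificates, `foo.example.net` only by foo's, and connecting by the bare address `192.0.2.11` is accepted by neither, because neither certificate carries an iPAddress entry and the CN fallback does not match an address. That last case is the one to watch when an LDAP client configuration points at an IP rather than a name.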
