Dieter Kluenter wrote:
[EMAIL PROTECTED] (Emmanuel Dreyfus) writes:
Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
Is there some kind of trick to get this done properly?
Use a cert with a correct subjectAltName, or a wildcard cert.
For future reference:
Assuming we have in the DNS the following RR:
foo IN A 192.0.2.11
bar IN A 192.0.2.12
ldap 1 IN A 192.0.2.11
ldap 1 IN A 192.0.2.12
Create certificate for foo:
subjectAltName=DNS:ldap.example.net,DNS:foo.example.net
CN=ldap.example.net
Create certificate for bar:
subjectAltName=DNS:ldap.example.net,DNS:bar.example.net
CN=ldap.example.net
I know that the subjectAltName type DNS is recommended, but RFC 4513
refers to type dNSName. Is there any reason that OpenLDAP requires
type DNS?
They are one and the same. "DNS" is just the way that it is specified in the
OpenSSL tools.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
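The identity check the thread is describing, as an added example (not code from the thread or from OpenLDAP): a client-side matcher in the spirit of RFC 4513 section 3.1.3 that compares the host name the client connected to against the certificate's dNSName subjectAltName values, honours a leftmost-label wildcard, and falls back to the subject CN only when the certificate carries no dNSName at all (the strict reading later codified in RFC 6125; that choice is an assumption here). The foo/bar certificates are the constructed ones from the thread.

```python
"""Server identity check for an LDAP-over-TLS client (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Cert:
    cn: str                                        # subject CN
    dns_names: list = field(default_factory=list)  # subjectAltName dNSName values


def _name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with a host name, case-insensitively.

    A '*' is honoured only as the entire leftmost label and matches exactly
    one label, so '*.example.net' covers 'foo.example.net' but neither
    'example.net' nor 'a.b.example.net'.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix, labels = pattern[2:], host.split(".")
    # Refuse wildcards above the second level ('*.net') and empty labels.
    return suffix.count(".") >= 1 and labels[0] != "" and ".".join(labels[1:]) == suffix


def identity_matches(cert: Cert, hostname: str) -> bool:
    """True if 'cert' is acceptable for a connection made to 'hostname'.

    dNSName SAN values are authoritative; the CN is consulted only when the
    certificate has no dNSName at all (assumed policy, see lead-in).
    """
    names = cert.dns_names or [cert.cn]
    return any(_name_matches(n, hostname) for n in names)


# The two certificates from the thread: each carries the shared round-robin
# name plus the host's own name, so both "ldap" and "foo"/"bar" verify.
FOO_CERT = Cert(cn="ldap.example.net", dns_names=["ldap.example.net", "foo.example.net"])
BAR_CERT = Cert(cn="ldap.example.net", dns_names=["ldap.example.net", "bar.example.net"])
# The wildcard alternative also suggested in the thread.
WILDCARD_CERT = Cert(cn="*.example.net", dns_names=["*.example.net"])
# A CN-only certificate: fine for "ldap.example.net", fails for "foo.example.net".
CN_ONLY_CERT = Cert(cn="ldap.example.net")

if __name__ == "__main__":
    for host in ("ldap.example.net", "foo.example.net", "bar.example.net"):
        print(host, [identity_matches(c, host)
                     for c in (FOO_CERT, BAR_CERT, WILDCARD_CERT, CN_ONLY_CERT)])
```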