It should work, but depends on the checks performed by the TLS+crypto toolkit.
Using the CN to hold the hostname/IP is deprecated, and this field is now ignored by some libraries if the SAN extension is present.

2013/10/17 lejeczek <[email protected]>

> dear all
>
> I'm trying to set a seemingly simple setup
> having a box with openldap I want it to use TLS on both internal and
> external hostnames/IPs
>
> openldap was set up earlier and was/is working
> I generate TLS certificate with SAN
> everything seems working fine
> but
> when I ldapsearch on external fqdn/IP (which in the certificate is the
> subjectAltName) search fails
> whereas it succeeds on internal fqdn (which is the hostname/CN in the
> certificate)
>
> error is: additional info: TLS error -8157:Certificate extension not found.
>
> is such a scenario even possible? having very same DN being served on more
> than one name via TLS?
>
> best wishes

--
Erwann.
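The name check the reply describes, as an added example (not part of the original thread and not the code of any particular TLS toolkit): it models a verifier that ignores the subject CN once the SAN extension carries DNS names, and shows why every served name has to be repeated in the SAN. The host names, the address and the `cn_fallback` switch are constructed for illustration; the certificate dicts follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def name_matches(cert, target, cn_fallback=True):
    """True if `target` (hostname or IP literal) is covered by `cert`.
    cn_fallback=False models a toolkit that never consults the subject CN.
    """
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are compared only against iPAddress SAN entries.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names or not cn_fallback:
        # dNSName entries exist (or CN is never used): CN is not looked at.
        return any(_dns_match(n, target) for n in dns_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(cn, target) for cn in cns)

# Constructed sample certificates (names and address are placeholders).
SUBJECT = ((("commonName", "ldap.internal.example"),),)
CN_PLUS_EXTERNAL_SAN = {          # internal name appears only in the CN
    "subject": SUBJECT,
    "subjectAltName": (("DNS", "ldap.example.org"),
                       ("IP Address", "203.0.113.10")),
}
ALL_NAMES_IN_SAN = {              # every served name repeated in the SAN
    "subject": SUBJECT,
    "subjectAltName": (("DNS", "ldap.internal.example"),
                       ("DNS", "ldap.example.org"),
                       ("IP Address", "203.0.113.10")),
}

if __name__ == "__main__":
    for host in ("ldap.internal.example", "ldap.example.org", "203.0.113.10"):
        print(host, name_matches(CN_PLUS_EXTERNAL_SAN, host),
              name_matches(ALL_NAMES_IN_SAN, host))
```
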
