Do we need to have CA certificate/server key on other client machine as well? If yes, then how can we achieve that?
On Sun, Oct 4, 2015 at 9:00 PM, Dieter Klünter <[email protected]> wrote: > Am Sun, 4 Oct 2015 19:18:19 +0500 > schrieb Aneela Saleem <[email protected]>: > > > I have followed this link > > < > http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl > >. > > I update openssl.cnf file manually and added the ip address of other > > client machine. Then i generated ssl certificate. Now accessing > > ldaps:// platalytics.com:636 from other client machine (i also have > > added platalytics.com in /etc/hosts file) but unable to access it > > from external ip address. What i'm missing now? > > Domain Name Service? Firewall? Routing Tables? > > -Dieter > > > > > On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem <[email protected]> > > wrote: > > > > > Hi Michael, > > > > > > Thanks for explaining. I just so far performed server side > > > validation using the link > > > <http://www.openldap.org/faq/data/cache/185.html> > > > > > > Can you please guide me how can we perform client side > > > verification? Means how to set subjectAltName extension? > > > > > > On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder > > > <[email protected]> wrote: > > > > > >> Aneela Saleem wrote: > > >> > What if i want to access LDAP from external source? how would it > > >> recognize > > >> > platalytics.com? > > >> > > >> Hope fully the client perfoms the TLS hostname check as defined in > > >> RFC 6125. > > >> > > >> All hostnames and IP addresses used by clients have to be listed > > >> in the subjectAltName extension. > > >> > > >> Ciao, Michael. > > >> > > >> > > > > > > > -- > Dieter Klünter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E > >
