On Tue, 6 Oct 2015 00:00:43 +0500, Aneela Saleem <[email protected]> wrote:
> Do we need to have CA certificate/server key on other client machine
> as well? If yes, then how can we achieve that?

Yes, you have to install a CA certificate on all hosts that want to access an LDAP server, and the client application on remote hosts needs to know the place of this CA, usually that is configured in ldap.conf(5), but it depends on the client's ability.

-Dieter

> On Sun, Oct 4, 2015 at 9:00 PM, Dieter Klünter <[email protected]>
> wrote:
>
> > On Sun, 4 Oct 2015 19:18:19 +0500,
> > Aneela Saleem <[email protected]> wrote:
> >
> > > I have followed this link
> > > <http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl>.
> > > I updated the openssl.cnf file manually and added the IP address of
> > > other client machine. Then I generated ssl certificate. Now
> > > accessing ldaps://platalytics.com:636 from other client machine
> > > (I also have added platalytics.com in /etc/hosts file) but unable
> > > to access it from external IP address. What am I missing now?
> >
> > Domain Name Service? Firewall? Routing Tables?
> >
> > -Dieter
> >
> > > On Fri, Oct 2, 2015 at 5:35 PM, Aneela Saleem
> > > <[email protected]> wrote:
> > >
> > > > Hi Michael,
> > > >
> > > > Thanks for explaining. I just so far performed server side
> > > > validation using the link
> > > > <http://www.openldap.org/faq/data/cache/185.html>
> > > >
> > > > Can you please guide me how can we perform client side
> > > > verification? Means how to set subjectAltName extension?
> > > >
> > > > On Fri, Oct 2, 2015 at 4:10 PM, Michael Ströder
> > > > <[email protected]> wrote:
> > > >
> > > >> Aneela Saleem wrote:
> > > >> > What if I want to access LDAP from external source? How
> > > >> > would it recognize platalytics.com?
> > > >>
> > > >> Hopefully the client performs the TLS hostname check as
> > > >> defined in RFC 6125.
> > > >>
> > > >> All hostnames and IP addresses used by clients have to be
> > > >> listed in the subjectAltName extension.
> > > >>
> > > >> Ciao, Michael.

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
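
The subjectAltName check discussed in this thread, as an added example that is not part of the original messages: a simplified RFC 6125 style match of the name or IP a client dials against the certificate's subjectAltName entries. The function names, the address 192.0.2.10 and the sample certificates are constructed for illustration; the certificate dict follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress


def _dns_match(pattern, host):
    """Compare label by label; '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level domain such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def san_matches(cert, target):
    """True if target (the host or IP in the ldaps:// URL) is in subjectAltName."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target matches only 'IP Address' entries, never DNS entries.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in san)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in san)


# Constructed sample certificates (not taken from the thread).
CERT_DNS_ONLY = {"subjectAltName": (("DNS", "platalytics.com"),)}
CERT_DNS_AND_IP = {"subjectAltName": (("DNS", "platalytics.com"),
                                      ("IP Address", "192.0.2.10"))}
CERT_IP_AS_DNS = {"subjectAltName": (("DNS", "192.0.2.10"),)}

if __name__ == "__main__":
    for label, cert in (("DNS only", CERT_DNS_ONLY),
                        ("DNS + IP", CERT_DNS_AND_IP),
                        ("IP typed as DNS", CERT_IP_AS_DNS)):
        for target in ("platalytics.com", "192.0.2.10"):
            print(f"{label:16} {target:16} -> {san_matches(cert, target)}")
```

A client that passes this check still rejects the connection unless the issuing CA is trusted on that host, which is the ldap.conf(5) step described in the reply above.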
