On 8 Mar 2012, at 08:44, Clément OUDOT wrote: > Maybe the error come from the CA certificate, which should contain a > CN in his subject?
I'm not sure there are particular naming rules for CA DNs. What about the subject name of the AD server itself - what's that? IO::Socket::SSL might be incorrectly assuming that all server DNs must have the cn set to the hostname or a wildcarded hostname. That's not the case - the use of subjectAltName for that has been standard for many years. So I would suggest looking at the server's cert, and then it might make more sense to talk to the IO::Socket:SSL folks. Chris
