Hi Beat

Beat Burgener | NetSuccess GmbH wrote:
> Matthias,
>
> what tool do you use to connect to Apache DS? I use Apache Directory
> Studio, and AFAIR,
> there was an error if the certificate does not match the FQDN.

When connecting with Apache Studio and StartTLS I get a cert error, and when showing the cert I get the one with cn=ApacheDS. When connecting with LDAPS I do get the right cert. When using openssl s_client on port 636 I also get the right cert.

> However, connecting either using LDAPS on Port 636 or via StartTLS on
> port 389, I don't get an error.
> I don't know of a way to display the certificate details of a connection
> in the AD Studio though ...

Have not found anything either. And openssl can't do StartTLS for LDAP.

It looks like the StartTLS extension does not honor the keystore configured in the ldapServer config.

Regards

Matthias

--
Matthias Cramer / mc322-ripe    Senior Network & Security Engineer
iway AG                         Phone +41 43 500 1111
Josefstrasse 225                Fax   +41 44 271 3535
CH-8005 Zürich                  http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
