I have set up ApacheDS to use StartTLS and I can connect to it without problem from Apache Directory Studio using the encryption method "Use StartTLS extension" without problem. I am now trying to configure my Ubuntu client to LDAP bind with this ApacheDS server for user authentication. I can bind without encryption. But when I set it up to use "ssl start_tls" in my ldap.conf file, I got the following error message:

TLS: hostname (....) does not match common name in certificate (apacheds).

I have appended the "userCertificate" of "uid=admin,ou=system" to /etc/ssl/certs/ca-certificate. I know that I can resolve this by setting the record for "apacheds" to refer to the server IP address in /etc/hosts. However, this is not what I want. I want to use the full domain name to connect to the server. What is the right way to approach this problem? Shall I replace the "userCertificate" value with another certificate? How to achieve that? Also, the certificate shown in this field expires in 1 year? How shall we maintain it? Sorry, I am new to using certificates. Thanks for answering my question.