Date: Sun, 28 Nov 2010 19:23:52 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: freebsd-questions@freebsd.org Subject: Re: can't use godaddy SSL cert Message-ID: <4CF29E38.6020305@locolomo.org> In-Reply-To: <AANLkTi=OoiqyWGYjZHRETR833_gvKD0rwbyASSeAQyU8@mail.gmail.com> References: <AANLkTi=N7Q-dYV5=kmzeSMHgJBuXWMLp7rvLnJMd_n-a@mail.gmail.com> <4CEE987D.9040008@locolomo.org> <AANLkTi=OoiqyWGYjZHRETR833_gvKD0rwbyASSeAQyU8@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28/11/10 18.51, bluethundr wrote: > Yes the hostname is in the CN of the cert file. So I agree that -h is > not the issue. :) > [root@VIRCENT03:~]#ldapsearch -h ldap -b "dc=summitnjhome,dc=com" -Z > -D "cn=Manager,dc=summitnjhome,dc=com" "(objectclass=sudoRole)" -W Maybe I didn't make myself clear: the host name you use to connect to (-h), in your command line example above, ldap, must be the same as the CN of the server certificate. It is irrelevant if the servers hostname is the same as the CN. That might be why you get > ldap_start_tls: Connect error (-11) > additional info: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Try -h LBSD2.summitnjhome.com BR, Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CF29E38.6020305>