[Fedora-directory-users] SOLVED: NSPR "Certificate type not approved for application" error when a TLS-enabled proxy LDAP OpenLDAP server connects to Fedora Directory Server
Michael Ströder
michael at stroeder.com
Mon Apr 14 21:58:47 UTC 2008
Rich Megginson wrote:
> I'm not sure how NSS handles certificate verification with
> subjectAltName. I know that in order for the validation to work without
> subjectAltName, the leftmost RDN in the subjectDN must be cn=FQDN of the
> server e.g. cn=ldap1.example.com, ou=Fedora Directory Server,
> dc=example, dc=com
Yes, for server certs which are validated by the client.
> I'm also not sure if that applies to cert based auth.
It doesn't.
Ciao, Michael.
More information about the Fedora-directory-users
mailing list