On 06/23/2015 01:29 AM, Sumit Bose wrote:
> There might be various reasons, e.g. if your certificate has the Subject Alternative Name attributes set, it has to match the fully qualified domain name of your LDAP server. The issue in the KB article was about missing the Basic Constraint Extension in self-signed certificates, but it says that this is fixed in recent OpenLDAP versions.
Thanks! You mentioned the Subject Alternative Name but I am not using that in my cert. In my case I had to set the Common Name (CN) to the FQDN of the server. After I generated a new cert with the correct CN it started working. I'm not sure where the error message itself comes from (openssl?), but it was not in any way indicative of what the problem was.
Chris
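
The name check discussed in this exchange, as an added example that is not part of the original messages and is not code from any LDAP client: it reports why a certificate's names do or do not match the host name being connected to. It assumes RFC 6125 style matching (dNSName SAN entries, when present, take precedence over the CN), takes the dict form returned by Python's `ssl.SSLSocket.getpeercert()`, and uses constructed host names.

```python
# Added example: explains why a server certificate's names do or do not
# match the host name an LDAP client connects to. Input is the dict form
# returned by ssl.SSLSocket.getpeercert(). Assumption: RFC 6125 style
# matching, where dNSName SAN entries take precedence over the CN.

def _name_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def explain_name_check(cert, host):
    """Return (ok, reason) for checking `host` against a decoded certificate."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        hit = next((s for s in sans if _name_match(s, host)), None)
        if hit:
            return True, f"SAN dNSName {hit!r} matches {host!r}"
        return False, f"SAN present {sans} but none matches {host!r}; CN is ignored"
    # No dNSName SAN: fall back to the (last) Common Name in the subject.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not cns:
        return False, "certificate has neither a dNSName SAN nor a CN"
    cn = cns[-1]
    if _name_match(cn, host):
        return True, f"no SAN; CN {cn!r} matches {host!r}"
    return False, f"no SAN; CN {cn!r} does not match {host!r}"

# Constructed sample certificates (hypothetical host names).
CN_SHORT = {"subject": ((("commonName", "ldap1"),),)}
CN_FQDN = {"subject": ((("commonName", "ldap1.example.com"),),)}
SAN_OTHER = {"subject": ((("commonName", "ldap1.example.com"),),),
             "subjectAltName": (("DNS", "ldap.example.com"),)}

if __name__ == "__main__":
    for label, cert in [("CN_SHORT", CN_SHORT), ("CN_FQDN", CN_FQDN),
                        ("SAN_OTHER", SAN_OTHER)]:
        print(label, explain_name_check(cert, "ldap1.example.com"))
```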