TLS: hostname does not match CN in peer certificate

Alan DeKok aland at deployingradius.com
Fri Jun 15 14:32:06 CEST 2012


Ivan De Masi wrote:
> The access to the ldap server is secured with ssl (not TLS!), so
> openldap is listening on port 636.
> 
> When I try
> 
> # radtest user "mypassword" localhost 1 testing123
> 
> I get the following message:
> 
> Reply-Message = "TLS: hostname does not match CN in peer certificate"

  That message does not exist in the default configuration.

  Someone added it to the local configuration.

> Complete output:
> 
> Sending Access-Request of id 137 to 127.0.0.1 port 1812
>         User-Name = "user"
>         User-Password = "password"
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 1

  Uh... no.  You are aware that the "radclient" program is not the
radius server?

  Read the output of "radiusd -X".  This is mentioned in the FAQ, Wiki,
web site, "man" page, and daily on this list.

> That's correct, because I'm still in a testing phase and the openldap
> certificate doesn't match with the openldap hostname. But I need to
> fetch the data...
> What can I change to get it working? Is the only way to generate new
> certificate files?

  I have no idea what you're doing, so I can't answer that question.

  Alan DeKok.

