TLS: hostname does not match CN in peer certificate

Ivan De Masi it-support at asta.tu-darmstadt.de
Fri Jun 15 14:09:37 CEST 2012


Hello all,

I have installed freeradius 2.1.10 on Debian Squeeze and configured it to 
fetch the users on the ldap server.

The access to the ldap server is secured with ssl (not TLS!), so 
openldap is listening on port 636.

When I try

# radtest user "mypassword" localhost 1 testing123

I get the following message:

Reply-Message = "TLS: hostname does not match CN in peer certificate"

Complete output:

Sending Access-Request of id 137 to 127.0.0.1 port 1812
         User-Name = "user"
         User-Password = "password"
         NAS-IP-Address = 127.0.1.1
         NAS-Port = 1
 

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=73
Reply-Message = "TLS: hostname does not match CN in peer certificate"

That's correct, because I'm still in a testing phase and the openldap 
certificate doesn't match the openldap hostname. But I need to 
fetch the data...
What can I change to get it working? Is the only way to generate new 
certificate files?

Thanks!

Regards,
Ivan

