TLS: hostname does not match CN in peer certificate

Frank Ranner frank.ranner at gmail.com
Sat Jun 16 00:04:40 CEST 2012


Set the hostname in the ldap conf to match what is in the certificate. You
may need to create an entry in /etc/hosts to match. You may be able to get
around the mismatch by creating an ldaprc file and setting the parameter
that controls the hostname checking to none.

On Jun 15, 2012 10:12 PM, "Ivan De Masi" <it-support at asta.tu-darmstadt.de>
wrote:
>
> Hello all,
>
> I have installed freeradius 2.1.10 on Debian Squeeze and configured to fetch the users on the ldap server.
>
> The access to the ldap server is secured with ssl (not TLS!), so openldap is listening on port 636.
>
> When I try
>
> # radtest user "mypassword" localhost 1 testing123
>
> I get the following message:
>
> Reply-Message = "TLS: hostname does not match CN in peer certificate"
>
> Complete output:
>
> Sending Access-Request of id 137 to 127.0.0.1 port 1812
>        User-Name = "user"
>        User-Password = "password"
>        NAS-IP-Address = 127.0.1.1
>        NAS-Port = 1
>
>
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=73
> Reply-Message = "TLS: hostname does not match CN in peer certificate"
>
> That's correct, because I'm still in a testing phase and the openldap certificate doesn't match with the openldap hostname. But I need to fetch the data...
> What can I change to get it working? Is the only way to generate new certificate files?
>
> Thanks!
>
> Regards,
> Ivan
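
One way to see which name the server certificate carries before changing the hostname in the ldap conf or adding an /etc/hosts entry, as an added example that is not part of the original thread. The certificate is a constructed self-signed one, `ldap.example.test` and the other candidate names are assumptions, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks candidate hostnames against a certificate file.
# All names and the certificate below are constructed for illustration.

# make_sample_cert DIR CN: write DIR/cert.pem, a throwaway self-signed
# certificate standing in for the LDAP server's certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_subject CERT: print the subject line, which contains the CN.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# cert_matches_host CERT HOST: succeed only if HOST is accepted by the
# certificate (subjectAltName DNS entries, or the CN when there are none).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# report CERT HOST...: show which candidate hostnames the certificate accepts.
report() {
    cert=$1; shift
    cert_subject "$cert"
    for host in "$@"; do
        if cert_matches_host "$cert" "$host"; then
            echo "OK        $host"
        else
            echo "MISMATCH  $host"
        fi
    done
}

# Demo on constructed data: only the name in the CN is accepted.
tmp=$(mktemp -d)
make_sample_cert "$tmp" ldap.example.test
report "$tmp/cert.pem" ldap.example.test localhost 192.0.2.10
rm -rf "$tmp"
```

On a real system, save the LDAP server's certificate to a PEM file and pass it to `report` together with the hostname currently set in the ldap conf.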