TLS: hostname does not match CN in peer certificate

Ivan De Masi it-support at asta.tu-darmstadt.de
Mon Jun 18 15:54:13 CEST 2012


On 15.06.2012 14:32, Alan DeKok wrote:
> Ivan De Masi wrote:
>> The access to the ldap server is secured with ssl (not TLS!), so
>> openldap is listening on port 636.
>>
>> When I try
>>
>> # radtest user "mypassword" localhost 1 testing123
>>
>> I get the following message:
>>
>> Reply-Message = "TLS: hostname does not match CN in peer certificate"
>
>    That message does not exist in the default configuration.
>
>    Someone added it to the local configuration.
>
>> Complete output:
>>
>> Sending Access-Request of id 137 to 127.0.0.1 port 1812
>>          User-Name = "user"
>>          User-Password = "password"
>>          NAS-IP-Address = 127.0.1.1
>>          NAS-Port = 1
>
>    Uh... no.  You are aware that the "radclient" program is not the
> radius server?
>
>    Read the output of "radiusd -X".  This is mentioned in the FAQ, Wiki,
> web site, "man" page, and daily on this list.
>
>> That's correct, because I'm still in a testing phase and the openldap
>> certificate doesn't match with the openldap hostname. But I need to
>> fetch the data...
>> What can I change to get it working? Is the only way to generate new
>> certificate files?
>
>    I have no idea what you're doing, so I can't answer that question.
>
>    Alan DeKok.
>

Hi,

that's what I found in a howto when testing the config... :-)

"radiusd -X" doesn't seem to work on Debian (?!)

Regards,
Ivan

-- 
AStA TU Darmstadt
IT-Administration
Raum S1|03 63
Hochschulstr. 1
64289 Darmstadt

Tel. +49-6151-162217
Fax. +49-6151-166026




More information about the Freeradius-Users mailing list