From: <mi...@st...> - 2004-06-11 11:58:57
Becky Hepper wrote:
>
> I got the following error: "SSL3_GET_SERVER_CERTIFICATE: certificate
> verify failed". So I asked the people that control the LDAP server for
> a key. They sent me the Netscape certificate: cert7.db & key3.db. If I
> put those two files in my home directory and add this line to my code:
> ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/home/jack") I get an
> error: "TLS: hostname does not match CN in peer certificate".

??? How did you build python-ldap? I really wonder why this does anything useful.

> Can I use the cert7.db or does it
> have to be converted to a PEM file?

python-ldap uses the OpenLDAP libs which in turn use the OpenSSL libs which cannot handle Netscape certificate database files => you have to use PEM files.

> I get the same error if I use the
> following line in my code: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
> "/usr/share/ssl/cert.pem") What is this cert.pem file that
> automatically gets installed?

There's nothing automatically installed. cert.pem should contain the CA certificate against which the server certificate is validated.

Recommended reading:
http://www.openldap.org/faq/index.cgi?_highlightWords=ssl&file=185

Ciao, Michael.
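A pre-flight check for the two options discussed in this message, as an added example that is not part of the original post or of python-ldap: it tests whether a file passed to `OPT_X_TLS_CACERTFILE` holds PEM certificate blocks, and whether a directory passed to `OPT_X_TLS_CACERTDIR` holds the hash-named entries OpenSSL looks up. The helper names, the sample files and the DER-shaped blob are constructed for illustration; the check is structural only and does not validate a certificate chain.

```python
import base64, binascii, os, re, tempfile

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Assumption: OpenSSL's CA directory lookup uses <8 hex digits>.<n> file names.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")

def pem_cert_count(path):
    """Count PEM CERTIFICATE blocks in `path` whose body is valid base64
    and begins with a DER SEQUENCE tag (0x30). Structure check only."""
    with open(path, "rb") as fh:
        data = fh.read()
    count = 0
    for body in PEM_RE.findall(data):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            continue
        if der[:1] == b"\x30":
            count += 1
    return count

def hashed_entries(directory):
    """Names in `directory` that a CACERTDIR lookup could match."""
    return sorted(n for n in os.listdir(directory) if HASHED_NAME.match(n))

def demo():
    """Build constructed sample files and return the check results."""
    with tempfile.TemporaryDirectory() as home:
        # Constructed stand-ins for the Netscape DB files: opaque binary data.
        for name in ("cert7.db", "key3.db"):
            with open(os.path.join(home, name), "wb") as fh:
                fh.write(bytes(range(256)))
        # Constructed DER-shaped blob (not a real certificate), PEM-armoured.
        der = b"\x30\x82\x01\x00" + bytes(256)
        pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
               + b"-----END CERTIFICATE-----\n")
        ca = os.path.join(home, "ca.pem")
        with open(ca, "wb") as fh:
            fh.write(pem)
        return {
            "cert7.db": pem_cert_count(os.path.join(home, "cert7.db")),
            "ca.pem": pem_cert_count(ca),
            "cacertdir": hashed_entries(home),
        }

if __name__ == "__main__":
    print(demo())
```

A count of zero for the file, or an empty list for the directory, means the option points at something the OpenSSL-based TLS layer cannot use as a trust anchor.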