Subject Alternate Name for DNS in SSL CertificateDNS

Hi,

When I install new eDirectory 9.3 servers, the default certificates (SSL CertificateDNS) don't get the DNS name added as Subject Alternate Name (SAN). Only the IP is added as SAN.

Since this certificate is used for LDAPS, it causes other issues, such as IDApps and IDConsole not connecting using the server's DNS name. I can of course work around this with a custom certificate where I specify the DNS name as a Subject Alternate Name and use that for LDAPS, but I'd really like to figure out why the default certificates don't get the SAN automatically. I can also use IP from IDApps and IDConsole, but that is not optimal...

I am in a sandbox environment, so it could be an issue in my environment. I have, however, configured a DNS with both A and PTR records, so it should be possible to autodiscover the DNS name.

If anyone has insights on this, I would appreciate it.

Thank you!

Best regards

Marcus

  • 0 in reply to   

    Hi,

    Sorry for being unclear.

    I see I had some faults in my original post (updated now). The case was new installation of eDirectory servers, not repair of default certificates.

    If the hosts file on the engine server is as stated previously, the default certificates include DNS as SAN. Since this is during installation of servers, Identity Console is not involved.

    However, if I later repair the default certificates using Identity Console, I lose DNS in SAN again.

    If I delete the default certificates and recreate them using "ndsconfig upgrade", they are again created with DNS in SAN.

    Best regards

    Marcus
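
A check for the condition described in this thread, added here as an example and not part of either post or of any eDirectory tooling: it takes a certificate's SAN list in the form Python's `ssl.getpeercert()` returns and reports whether a client connecting by DNS name or by IP would accept it. The host name, address and sample SAN lists are constructed, and `fetch_cert` assumes the tree CA certificate has been exported to a PEM file.

```python
import ipaddress
import socket
import ssl


def san_entries(cert):
    """Split a getpeercert() dict into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower().rstrip("."))
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips


def name_matches(cert, target):
    """True if a client connecting to `target` would accept the SAN list."""
    dns, ips = san_entries(cert)
    try:
        # An IP target is compared only against iPAddress SAN entries.
        return ipaddress.ip_address(target) in ips
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    host = target.lower().rstrip(".")
    for pattern in dns:
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False


def fetch_cert(host, cafile, port=636, timeout=5):
    """Fetch the LDAPS certificate; the chain is verified against cafile, the name is not."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is evaluated separately by name_matches()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


# Constructed sample data (not taken from the thread), in getpeercert() form.
IP_ONLY = {"subjectAltName": (("IP Address", "192.0.2.10"),)}
WITH_DNS = {"subjectAltName": (("DNS", "edir1.example.test"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("IP-only SAN", IP_ONLY), ("DNS+IP SAN", WITH_DNS)):
        for target in ("edir1.example.test", "192.0.2.10"):
            print(f"{label:12} {target:20} -> {name_matches(cert, target)}")
```

Running `name_matches(fetch_cert(...), "<server DNS name>")` after each certificate repair shows whether the DNS entry survived.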