Connection to LDAP server fails if the LDAP server certificate’s Subject Alternative Name (SAN) does not match the hostname of the system.
Issue
ipa-client-install fails with error:

Unable to initialize STARTTLS session
Connect error: TLS: hostname does not match subjectAltName in peer certificate
Failed to bind to server!

ldapsearch over SSL/TLS fails with error:

# ldapsearch -ZZ -H ldap://ldapserver.example.com -b dc=example,dc=com
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match subjectAltName in peer certificate
Environment
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 7
- openldap-2.4.46-18.el8
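The error above comes from the client's certificate name check: once a certificate carries a subjectAltName (SAN) extension, the TLS library compares the name the client connected with against the SAN entries only and ignores the Subject CN. The following Python script, added here as an example and not part of the Red Hat article, reproduces that check offline so an administrator can see which connect name a given certificate would accept. The SAN list SAMPLE_SAN, the host names under lab.example.com and the address 192.0.2.10 are constructed for the example; the tuple shape mirrors what ssl.getpeercert()["subjectAltName"] returns, so the same functions can be run against a real peer certificate.

```python
import ipaddress

# Constructed sample: the subjectAltName of an LDAP server certificate, in the
# shape returned by ssl.SSLSocket.getpeercert()["subjectAltName"].
# Names and address are made up for this example.
SAMPLE_SAN = (
    ("DNS", "ldapserver.lab.example.com"),
    ("DNS", "*.lab.example.com"),
    ("IP Address", "192.0.2.10"),
)


def _normalize_dns(name):
    """Lower-case a DNS name and drop a trailing dot (DNS names are case-insensitive)."""
    return name.lower().rstrip(".")


def _dns_pattern_matches(pattern, hostname):
    """RFC 6125 style dNSName matching: exact match, or a wildcard that is the
    entire leftmost label and matches exactly one label (no partial wildcards,
    no wildcard spanning a dot, at least two fixed labels after it)."""
    pattern = _normalize_dns(pattern)
    hostname = _normalize_dns(hostname)
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    # One wildcard label stands in for exactly one hostname label.
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def hostname_matches_san(hostname, san):
    """Return True if hostname is covered by the certificate's subjectAltName.

    An IP literal is matched only against iPAddress entries and a DNS name only
    against dNSName entries; the Subject CN is deliberately not consulted."""
    try:
        addr = ipaddress.ip_address(hostname.strip("[]"))
    except ValueError:
        addr = None
    for kind, value in san:
        if addr is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == addr:
                    return True
            except ValueError:
                continue
        elif addr is None and kind == "DNS":
            if _dns_pattern_matches(value, hostname):
                return True
    return False


def diagnose(hostname, san):
    """Verdict string in the wording of the ldapsearch / ipa-client-install error."""
    if hostname_matches_san(hostname, san):
        return "OK: %s matches subjectAltName" % hostname
    names = ", ".join("%s:%s" % (k, v) for k, v in san)
    return ("TLS: hostname does not match subjectAltName in peer certificate "
            "(connected to %s; certificate names: %s)" % (hostname, names))


if __name__ == "__main__":
    # ldapserver.example.com is the name used in the ldapsearch command above;
    # the sample certificate was issued for the lab.example.com names instead.
    for host in ("ldapserver.lab.example.com", "ldapserver.example.com",
                 "other.lab.example.com", "a.b.lab.example.com",
                 "192.0.2.10", "192.0.2.11"):
        print(diagnose(host, SAMPLE_SAN))
```

Running the script shows that ldapserver.example.com, the name used with -H in the ldapsearch command, is rejected by a certificate whose SAN lists only lab.example.com names, while the exact SAN name, a single-label wildcard match and the listed IP address are accepted. The practical takeaway is that the name in the LDAP URI (or the hostname ipa-client-install resolves) must appear verbatim as a dNSName, or as a matching single-label wildcard, in the server certificate's SAN.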