Certificate Confusion: hostname does not match CN
Becky Hepper
brkbrh at hotmail.com
Wed Jun 9 16:58:43 CEST 2004
Hi,
I am working on a RH 9 Linux system. Below is the code I'm using:

    import ldap

    # Connect over LDAPS and bind with LDAPv3
    l = ldap.initialize('ldaps://x.x.x:636')
    l.protocol_version = ldap.VERSION3
    l.simple_bind_s("username", "password")
    l.unbind_s()

I got the following error: "SSL3_GET_SERVER_CERTIFICATE: certificate verify
failed". So I asked the people that control the LDAP server for a key.
They sent me the Netscape certificate: cert7.db & key3.db. If I put those
two files in my home directory and add this line to my code:

    ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/home/jack")

I get an error: "TLS: hostname does not match CN in peer certificate". Does
anyone know what that error means? Can I use the cert7.db or does it have to
be converted to a PEM file? I get the same error if I use the following line
in my code:

    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/usr/share/ssl/cert.pem")

What is this cert.pem file that automatically gets installed? Is it just an
example or did RH convert the cert7.db?
Thanks!
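
What the "hostname does not match CN" check compares, as an added example that is not part of the original post and is not python-ldap's or OpenLDAP's own code: the host in the ldaps:// URI must equal a name in the server certificate. The certificates are constructed samples in the dict shape of Python's ssl getpeercert(), the hostnames are hypothetical, and the matching rules are a simplified assumption.

```python
from urllib.parse import urlparse

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
CERT_CN_ONLY = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "ldap.example.com"),)),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "directory"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "*.dir.example.com")),
}


def cert_names(cert):
    """Names a client may match: DNS subjectAltNames, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(host, pattern):
    """Case-insensitive match; '*' may stand for the whole leftmost label only."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def check_uri(uri, cert):
    """Return (ok, host, names) for the host part of an ldaps:// URI."""
    host = urlparse(uri).hostname
    names = cert_names(cert)
    return any(name_matches(host, n) for n in names), host, names


if __name__ == "__main__":
    for uri in ("ldaps://ldap.example.com:636", "ldaps://ldap:636",
                "ldaps://192.0.2.10:636"):
        ok, host, names = check_uri(uri, CERT_CN_ONLY)
        print(f"{host!r} vs {names}: {'match' if ok else 'hostname does not match CN'}")
```

A short alias or an IP address in the URI fails this comparison even when the CA certificate is trusted, which is why the error is separate from "certificate verify failed".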