This topic has 1 reply, 2 voices, and was last updated 5 years, 10 months ago by Ludo.


    We were configuring opendj.

    1) We have provided the server certificate for opendj with our own CA. Key manager provider:

    2) We have put the server certificate privatekeyentry and the CA certificate trustedkeyentry in the keystore of opendj.

    3) We have put the server certificate trustedkeyentry and the CA certificate trustedkeyentry in the truststore of opendj.

    4) Then we were running the client (ldapsearch) on port 636 with a certificate db which has the certificate of the CA that signed the opendj server certificate.

    Suddenly there came a mandate that server certificate needs to have the SAN value.

    5) Then we have added the SAN value in the server certificate.

    6) Now the client (ldapsearch) is not working when executed in the same way as earlier, and it throws a bad certificate error.

    With debug turned ON in opendj, the logs say: client hello -> server hello -> server cert chain -> server hello done -> Bad certificate

    Can any security experts here tell me what the problem is? Is adding a SAN value to the server certificate a valid thing for opendj?

    • This topic was modified 5 years, 10 months ago by Peter Major.
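As an added example (not code from the original post), this is the check a practitioner would run on a re-issued server certificate before pointing ldapsearch at port 636: does it still chain to the CA in the client's cert db, and does its SAN list the exact hostname the client connects to. Once a certificate carries a SAN, TLS clients ignore the CN for name matching, so a name that used to match the old CN must now appear in the SAN. Assumes OpenSSL 1.1 or later on the PATH (for `openssl verify -verify_hostname`); every CA name and hostname below is constructed.

```shell
# Added example; all names are constructed, none come from the original post.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Throwaway CA standing in for "our own CA" in the post.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
  -keyout ca.key -out ca.pem >/dev/null 2>&1

# issue_server_cert NAME CN SAN_HOST
# Writes NAME.pem: a CA-signed server certificate with CN and one DNS SAN.
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1.cnf"
  openssl x509 -req -days 1 -in "$1.csr" -CA ca.pem -CAkey ca.key \
    -CAcreateserial -extfile "$1.cnf" -out "$1.pem" >/dev/null 2>&1
}

# check_server_cert CA_PEM SERVER_PEM HOSTNAME
# Exit 0 only if SERVER_PEM chains to CA_PEM and matches HOSTNAME the way a
# TLS client connecting to HOSTNAME:636 requires. With a SAN present the CN
# is not consulted, so HOSTNAME must be listed in the SAN.
check_server_cert() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Cert 1: SAN carries the name the client uses.
issue_server_cert good ldap.example.test ldap.example.test
# Cert 2: CN unchanged, but the SAN names a different host than the client uses.
issue_server_cert mismatch ldap.example.test opendj.example.test

check_server_cert ca.pem good.pem ldap.example.test \
  && echo "good.pem: accepted for ldap.example.test"
check_server_cert ca.pem mismatch.pem ldap.example.test \
  || echo "mismatch.pem: rejected for ldap.example.test (SAN does not list it)"
```

The second case is the one to look for when a certificate that worked before starts failing right after a SAN is added: the chain is fine, but the name the client dials is no longer covered.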


    There is a dedicated forum for OpenDJ :

    I suggest that you post your question in this forum, and if you can, please provide additional details, such as error messages, configuration details or commands used.
