Tagged: bad certificate, java, keytool, ldapsearch, opendj
This topic has 1 reply, 2 voices, and was last updated 5 years, 10 months ago by Ludo.
July 4, 2016 at 8:06 am #11799
bvsarathi
Participant
We were configuring opendj.
1) We have provided the server certificate for opendj with our own CA. Key manager provider:-
2) We have put the server certificate privatekeyentry and the CA certificate trusted keyentry in the keystore of opendj.
3) We have put the server certificate trustedkeyentry and the CA certificate trustedkeyentry in the truststore of opendj.
4) Then we were running the client (ldapsearch) with a certificate db which has the certificate of the CA that signed the opendj server certificate, on port 636.
Suddenly there came a mandate that the server certificate needs to have the SAN value.
5) Then we added the SAN value to the server certificate.
6) Now the client (ldapsearch) is not working when we execute it in the same way as earlier, and it throws a bad certificate error.
While debug is turned ON in opendj, the logs say: ->client hello ->server hello ->server cert chain ->serverhello done ->Bad certificate
Can any security experts here tell me what the problem is? Is adding a SAN value in the server certificate a valid thing for opendj?
July 5, 2016 at 4:28 pm #11843
Ludo
Moderator
Hi,
There is a dedicated forum for OpenDJ: https://forgerock.org/forum/fr-projects/opendj/.
I suggest that you post your question in this forum, and if you can, please provide additional details, such as error messages, configuration details or commands used.