
I am generating a certificate for a development environment and I am getting errors related to a mismatch in the hostname. Unfortunately, the VM keeps restarting with a different hostname/IP address and it is out of my control. The error I get is:

hostname of the server '127.0.0.1' does not match the hostname in the server's certificate.

What I want to do is generate a certificate that specifically uses 127.0.0.1 as the hostname. This is for use with OpenLDAP on a Linux box and I typically use:

```
sudo openssl req -new -x509 -nodes \
  -out /etc/pki/tls/certs/MyLDAP.pem \
  -keyout /etc/pki/tls/certs/MyLDAP.key \
  -days 365
```

This works fine when I have control of the node and know the hostname information. When I plug this into my remote service that wants to use an LDAP URL (ldap://127.0.0.1:389), it blows up. I want to force the certificate to use the standard internal IP.

  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Sep 29 '16 at 22:00
  • Hostnames always go in the *SAN*, and they can include IP addresses. If a name is present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) – jww Sep 29 '16 at 22:01
  • Possible duplicate of [IP address as hostname (CN) when creating a certificate? (HTTPS hostname wrong: should be )](http://stackoverflow.com/questions/11708717/ip-address-as-hostname-cn-when-creating-a-certificate-https-hostname-wrong) – Andrew Henle Sep 29 '16 at 22:10
  • @AndrewHenle you're right - duplicate. I see the phrasing used now that made it not come up in my search. Thanks. – el n00b Sep 30 '16 at 13:01
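
The approach the comments point to, listing the loopback address in the certificate's SAN, as an added example that is not part of the original thread. The function names, the `san.cnf` file name, the scratch output directory and the extra `DNS:localhost` entry are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: self-signed certificate whose SAN lists the loopback IP.
# make_loopback_cert, cert_sans and san.cnf are hypothetical names.
set -eu

make_loopback_cert() {
    outdir=$1
    cnf="$outdir/san.cnf"
    # Carry the extension in a req config file, so this also works on
    # OpenSSL builds that predate the -addext option.
    cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_req
prompt             = no

[dn]
CN = 127.0.0.1

[v3_req]
# The CN value is repeated here; DNS:localhost is an optional extra.
subjectAltName = IP:127.0.0.1, DNS:localhost
EOF
    # Write the unencrypted key with owner-only permissions.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
          -config "$cnf" \
          -out "$outdir/MyLDAP.pem" \
          -keyout "$outdir/MyLDAP.key" )
    chmod 644 "$outdir/MyLDAP.pem"
}

# Print the SAN line of a certificate so the result can be checked
# before the file is handed to the LDAP server.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Demo in a scratch directory instead of /etc/pki/tls/certs.
demo_dir=$(mktemp -d)
make_loopback_cert "$demo_dir"
cert_sans "$demo_dir/MyLDAP.pem"
```

A client connecting to 127.0.0.1 still has to trust this self-signed certificate explicitly; the SAN entry only resolves the name mismatch.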
