LDAP over TLS error: hostname does not match CN in peer certificate
Applies to
- ONTAP 9
- LDAP over TLS or LDAPS
- DNS
Issue
- Connecting to LDAP fails because the LDAP server name configured on the SVM does not match the common name (CN) in the certificate the server presents during the TLS handshake
- EMS shows the following error:
12/31/2023 12:00:00 cluster1-01 ERROR secd.unexpectedFailure: Unexpected SecD failure in Vserver "svm1". Details: Error: Validate the Ldap configuration procedure failed
[ 0 ms] Hostname found in Name Service Cache
[ 1] IP Address found in Name Service Cache
[ 1] Resolved LDAP servers: 10.20.30.40. Vserver: 5
[ 1] Successfully connected to ip 10.20.30.40, port 389 using TCP
[ 18] Unable to start TLS: Connect error
[ 18] Additional info: TLS: hostname (server1.domain.com) does not match CN (server2.domain.com) in peer certificate
[ 18] Unable to connect to LDAP (NIS & Name Mapping) service on server1.example.com
[ 18] No servers available for LDAP_NIS_AND_NAME_MAPPING, vserver: 5, domain: .
[ 18] FAILURE: Unable to make a connection (LDAP (NIS & Name Mapping):), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
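The trace above shows SecD reaching the server on port 389, issuing StartTLS, and then rejecting the certificate because the name it was configured to contact (server1.domain.com) is not the name in the certificate (server2.domain.com). The script below is an added example, not NetApp code and not part of this article: it reproduces that check from any host with Python, so you can see every name the certificate actually carries (SAN dNSName entries and the CN) before touching the ONTAP LDAP client configuration. The server name, port and CA file are arguments you supply; the sample trace line and certificate dictionaries used when the functions are exercised offline are constructed here. The name-matching rules follow RFC 6125 as OpenSSL's X509_check_host applies them (SAN first, CN only when there is no SAN DNS entry, wildcard only as the whole leftmost label); the page does not document the exact rules SecD uses, so treat that ordering as an assumption.

```python
import re
import socket
import ssl

# StartTLS extended operation (RFC 4511 / RFC 4513). The request is the
# LDAPMessage { messageID 1, ExtendedRequest { requestName 1.3.6.1.4.1.1466.20037 } }
# BER-encoded by hand so no LDAP library is needed.
START_TLS_OID = b"1.3.6.1.4.1.1466.20037"
START_TLS_REQUEST = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + START_TLS_OID

# Shape of the "Additional info" line SecD writes on a name mismatch.
MISMATCH_RE = re.compile(
    r"hostname \((?P<host>[^)]+)\) does not match CN \((?P<cn>[^)]+)\) in peer certificate")


def parse_mismatch(line):
    """Pull (configured hostname, certificate CN) out of a SecD trace line, or None."""
    m = MISMATCH_RE.search(line)
    return (m["host"], m["cn"]) if m else None


def cert_dns_names(cert):
    """Split an ssl.SSLSocket.getpeercert() dict into (SAN dNSName list, CN list)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans, cns


def _name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, wildcard only as the whole
    leftmost label, and a wildcard never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    parts = hostname.split(".", 1)
    return len(parts) == 2 and parts[1] == pattern[2:]


def hostname_matches_cert(hostname, cert):
    """Return (ok, reason). SAN dNSName entries take precedence (assumption: same
    order as OpenSSL's X509_check_host); the CN is consulted only when the cert has
    no SAN DNS entries, so a cert whose CN matches but whose SAN does not still fails."""
    sans, cns = cert_dns_names(cert)
    candidates, source = (sans, "SAN") if sans else (cns, "CN")
    if not candidates:
        return False, "peer certificate carries no DNS name (no SAN dNSName and no CN)"
    for name in candidates:
        if _name_matches(name, hostname):
            return True, "hostname (%s) matches %s (%s)" % (hostname, source, name)
    return False, "hostname (%s) does not match %s (%s) in peer certificate" % (
        hostname, source, ", ".join(candidates))


def probe_ldap_starttls(server, port=389, cafile=None, timeout=10):
    """Open a plain LDAP connection, send StartTLS, and return the peer cert dict
    so hostname_matches_cert() can report every name the cert carries.
    Chain validation stays on (cafile, else the system trust store); hostname
    checking is switched off here only because we do it ourselves above."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((server, port), timeout=timeout) as raw:
        raw.sendall(START_TLS_REQUEST)
        resp = raw.recv(512)
        # ExtendedResponse is [APPLICATION 24] = 0x78; after its (short-form) length
        # byte comes resultCode as ENUMERATED (0x0a 0x01 <code>), where 0 = success.
        i = resp.find(b"\x78")
        if i < 0 or len(resp) < i + 5 or resp[i + 2:i + 4] != b"\x0a\x01" or resp[i + 4] != 0:
            raise RuntimeError("StartTLS was not accepted: %r" % resp)
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    import sys
    # usage: python ldap_tls_namecheck.py <ldap server name as configured on the SVM> [ca.pem]
    host = sys.argv[1]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    ok, why = hostname_matches_cert(host, probe_ldap_starttls(host, cafile=ca))
    print(why)
    sys.exit(0 if ok else 1)
```

Run it with the same server name the SVM's LDAP client configuration uses; if the name in the failure message is only in the certificate's CN and the certificate also has a SAN, the SAN is what a modern verifier checks, so compare against the SAN entries, not the CN. A chain error from `wrap_socket` means the issuing CA is not trusted by the host running the script, which is a different problem from the name mismatch in this article.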