Layer7 Identity Management

Expand all | Collapse all

SSL Error

Jump to Best Answer
  • 1.  SSL Error

    Posted 08-16-2016 10:19 PM

    Hi ,

     

    We are trying to add an Active Directory to the Provisioning Server using SSL and it fails with the below error in Event viewer.But am able to Explore and corelate using non SSL port 389.

     

    In the AD connection we are using IP Address for AD Hostname,but the certificate has no reference of IP in the subject but it has hostname.But the challenge is we are not able to use hostname for connecting to AD,because that doesn't resolve.We are trying to understand is  there a way to ignore this error and do a explore.

    Error :

    The certificate received from the remote servers does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is FQDN. The SSL connection request has failed.



  • 2.  Re: SSL Error

    Posted 08-16-2016 11:46 PM

    Hi Antony,

     

    I think you can try to map the IP to the hostname in the hosts file on provisioning server and see if you can add the FQDN in the AD Hostname field to acquire the endpoint.

    - Open, for example, /etc/hosts (Unix) or C:\Windows\System32\drivers\etc (Windows)

    - Add

    <your AD IP>   <your AD FQDN>

    save the file.

    - Fill the AD Hostname on the endpoint properties window with the AD FQDN.

    - Acquire the endpoint.

     

    Cheers

    Lien



  • 3.  Re: SSL Error
    Best Answer

    Posted 08-18-2016 08:40 AM

    The OS Hosts file will need to be updated as Lien mentioned but it would need to be done on the machine where the C++ Connector Server that is trying to reach the AD system is. That may or may not be the same machine running the Provisioning Server. You can work with your AD/Network team to see about getting DNS to resolve the hostname to the IP so that you don't need to modify the OS Hosts file in the future.

    - KennyV