LDAP communication error - TLS: hostname does not match CN in peer certificate

Description

The error "LDAP communication error - TLS: hostname does not match CN in peer certificate" is displayed in the LDAP configuration window when attempting to configure LDAP over TLS.


Cause

This error occurs when Require valid certificate from server is checked in the LDAP Configuration window and the Name or IP address field contains either an IP address or a DNS name that does not match the Common Name (CN) of the certificate presented by the LDAP server. With Require valid certificate from server enabled, the SonicWall validates the certificate the server presents during the TLS handshake, which includes matching the value entered in the Name or IP address field against the name on the certificate; an IP address entered in that field will not match a CN that holds a host name.
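The name-matching step described above, as an added example that is not SonicWall's own code: a small Python model of the check, so the value planned for the Name or IP address field can be tested against the CN and SAN entries of the server's certificate before Require valid certificate from server is enabled. The matching rules used here (case-insensitive DNS comparison, a wildcard only in the leftmost label, an IP address satisfied only by an IP-address SAN) are the usual TLS rules and are an assumption about the appliance's exact behaviour; PeerCert, validate_server_name and the sample certificate are constructed for this example.

```python
"""Model of the hostname-vs-certificate check behind
"Require valid certificate from server" (added example, not SonicWall code).

Assumed rules: DNS names compare case-insensitively against the CN and any
DNS SAN entries, a single leading '*' label is honoured, and an IP address
literal only matches an IP-address SAN, never a CN holding a host name.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PeerCert:
    """Minimal view of the identity fields of an X.509 server certificate."""
    common_name: str
    dns_sans: list = field(default_factory=list)
    ip_sans: list = field(default_factory=list)


def _dns_name_matches(configured: str, pattern: str) -> bool:
    """Case-insensitive DNS match; '*' may stand in for the leftmost label only."""
    configured = configured.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if "*" not in pattern:
        return configured == pattern
    p_labels = pattern.split(".")
    c_labels = configured.split(".")
    # The wildcard must be the entire leftmost label, the label counts must
    # agree, and a wildcard must leave at least two fixed labels (*.example is rejected).
    if p_labels[0] != "*" or len(p_labels) != len(c_labels) or len(p_labels) < 3:
        return False
    return p_labels[1:] == c_labels[1:]


def validate_server_name(configured: str, cert: PeerCert):
    """Return (ok, reason) for the value entered in 'Name or IP address'."""
    try:
        ip = ipaddress.ip_address(configured)
    except ValueError:
        ip = None

    if ip is not None:
        # An IP literal is only satisfied by an IP-address SAN entry.
        for san in cert.ip_sans:
            if ipaddress.ip_address(san) == ip:
                return True, f"{configured} matches IP SAN {san}"
        return False, ("TLS: hostname does not match CN in peer certificate "
                       f"({configured} is an IP address; certificate CN is '{cert.common_name}')")

    # A DNS name may match the CN or any DNS SAN entry.
    candidates = [cert.common_name] + list(cert.dns_sans)
    for name in candidates:
        if _dns_name_matches(configured, name):
            return True, f"{configured} matches certificate name '{name}'"
    return False, ("TLS: hostname does not match CN in peer certificate "
                   f"(entered '{configured}', certificate names {candidates})")


if __name__ == "__main__":
    # Constructed sample certificate, as an LDAP server might present it.
    cert = PeerCert(common_name="ldap01.corp.example", dns_sans=["ldap01.corp.example"])
    for entered in ("10.0.0.5", "LDAP01.corp.example", "ldap.corp.example"):
        ok, why = validate_server_name(entered, cert)
        print("OK " if ok else "ERR", why)
```

To see what the real server presents, run `openssl s_client -connect <ldap-host>:636 -showcerts </dev/null | openssl x509 -noout -subject -ext subjectAltName` from a host that can reach the LDAP server (the `-ext` option needs OpenSSL 1.1.1 or later); the subject line shows the CN to enter in the Name or IP address field.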

Resolution

Resolution or Workaround:

  • In the Name or IP address field, enter exactly the name that appears as the CN of the certificate presented by the server (a DNS name; an IP address will not match a CN that holds a host name).
  • Uncheck the option Require valid certificate from server. Deselecting this default option presents an alert, and although exchanges between the SonicWall and the LDAP server will still use TLS, the server's certificate is then no longer validated, so the SonicWall cannot confirm that it is talking to the intended LDAP server.

A related error is "Error: Bad LDAP server certificate - TLS fatal: unknown CA", which indicates that the issuing CA of the server's certificate is not trusted by the SonicWall rather than a name mismatch.
