Adventures in Ubuntu systems administration

OpenLDAP TLS with wildcard domain certs

After the last post on the OpenLDAP trouble I had, I’ve continued trying new things with it and can confirm that wildcard domain certificates do work with OpenLDAP.

When creating the certificate request, enter e.g. *.example.com in the common name field; you can then use that one certificate on all servers that sit directly under that domain.

BIG WARNING! This is very dangerous if the keys are not secured properly. If somebody compromises one key, they have compromised all of the services on all the machines that use the same key! So make sure you really want to do this, have the file permissions set correctly and are prepared for the consequences.
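The request-generation step and the key-protection warning above, worked through as an added shell example that is not from the original post. It assumes openssl 1.1.1 or newer (for -addext), that slapd runs as the Debian/Ubuntu "openldap" group, and the /etc/ldap paths passed to tls_ldif are placeholders; the olcTLS* attributes are the standard cn=config ones.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a wildcard key/CSR
# for OpenLDAP, locks the key down, and shows which hostnames the name covers.
# Assumes openssl >= 1.1.1 and the Debian/Ubuntu "openldap" group.

# Does a certificate name (possibly "*.domain") cover the given host?
# A wildcard matches exactly one DNS label (RFC 6125): *.example.com covers
# ldap1.example.com but not example.com itself or a.b.example.com.
wildcard_matches() {
    pattern=$1; host=$2
    case "$pattern" in
        \*.*) suffix=${pattern#\*.} ;;
        *) [ "$pattern" = "$host" ] && return 0; return 1 ;;
    esac
    [ "$host" != "$suffix" ] || return 1     # bare domain is not covered
    prefix=${host%".$suffix"}
    [ "$prefix" != "$host" ] || return 1     # suffix did not match at all
    case "$prefix" in
        ""|*.*) return 1 ;;                  # empty or more than one label
    esac
    return 0
}

# Key + CSR with the wildcard in both CN and subjectAltName (modern clients
# ignore the CN and require a SAN). Key is readable by root and slapd only.
make_wildcard_csr() {
    domain=$1; outdir=$2
    mkdir -p "$outdir"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$outdir/wildcard.key" -out "$outdir/wildcard.csr" \
        -subj "/CN=*.$domain" \
        -addext "subjectAltName=DNS:*.$domain,DNS:$domain" 2>/dev/null
    chmod 0640 "$outdir/wildcard.key"
    chown root:openldap "$outdir/wildcard.key" 2>/dev/null || true
}

# CN of a CSR, for checking before the request goes to the CA.
csr_cn() {
    openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *//p'
}

# cn=config LDIF pointing slapd at the signed cert (apply with ldapmodify -Y EXTERNAL -H ldapi:///).
tls_ldif() {
    printf 'dn: cn=config\nchangetype: modify\n'
    printf 'replace: olcTLSCACertificateFile\nolcTLSCACertificateFile: %s\n-\n' "$1"
    printf 'replace: olcTLSCertificateFile\nolcTLSCertificateFile: %s\n-\n' "$2"
    printf 'replace: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: %s\n' "$3"
}
```

Run make_wildcard_csr example.com /etc/ldap/tls as root, have the CA sign the CSR, then pipe tls_ldif with the CA, cert and key paths into ldapmodify.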


One Response

  1. espeto

    can you show me listing your config for OpenLDAP with wildcard certificate?

    Thanks=)

    September 16, 2009 at 5:38 pm
