eDirectory cn subject name on DNS certificate concern with java security checking

Idea ID 2784088

There isn't a product to choose for eDirectory, so I chose Identity Manager.

With IGA 3.8 Java security, if the cn subject name value does not match the DNS name of the server, the Java validation will fail.

Previously DNS was not required for eDirectory. Due to security concerns, Java has rolled this out to check to make sure that everything resolves. Great idea, but eDirectory didn't have this in mind when generating default certs.

As IGA and other systems will start enforcing this, and existing environments already using LDAP certs would have to change, it would be great to have a workaround on the eDir side to build in the DNS as the cn value or, if possible, the alternate subject name, assuming that would work.

If there were an automated way to fix existing systems, that would be ideal. But it would be great if at least new systems conformed to a standard where the default certs could still be used, as they would have the DNS name.

See the below link as a reference from Steve Williams.
https://forums.novell.com/showthread.php/510779-IG-3-5-install-LDAP-schema-error?p=2493173#post2493173
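
The name check described in the post, as an added example (not from the original post or from Micro Focus). It models the usual client rule that DNS subjectAltName entries are checked first and the CN is used only when no DNS SAN exists, which is an assumption about the verifier in use. The certificate dicts and host names are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def dns_match(pattern, host):
    """Case-insensitive; '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_cert_name(cert, host):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(). Returns (ok, reason)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:  # IP literals are matched against IP SANs only
        ok = any(ipaddress.ip_address(v) == ip for t, v in sans if t == "IP Address")
        return ok, "IP SAN match" if ok else "no matching IP SAN"
    dns = [v for t, v in sans if t == "DNS"]
    if dns:  # any DNS SAN present: the CN is ignored
        ok = any(dns_match(d, host) for d in dns)
        return ok, "DNS SAN match" if ok else "DNS SANs present, none match"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(dns_match(c, host) for c in cns)
    return ok, "CN fallback match" if ok else "no DNS SAN and CN does not match"

# Constructed sample certificates (not taken from any real eDirectory tree).
SHORT_CN = {"subject": ((("organizationName", "EXAMPLE-TREE"),), (("commonName", "ldap01"),))}
FQDN_CN = {"subject": ((("commonName", "ldap01.example.com"),),)}
WITH_SAN = {"subject": ((("commonName", "ldap01"),),),
            "subjectAltName": (("DNS", "ldap01.example.com"), ("IP Address", "192.0.2.10"))}
STALE_SAN = {"subject": ((("commonName", "ldap01.example.com"),),),
             "subjectAltName": (("DNS", "old-ldap.example.com"),)}

def audit(host="ldap01.example.com"):
    certs = {"short_cn": SHORT_CN, "fqdn_cn": FQDN_CN, "with_san": WITH_SAN, "stale_san": STALE_SAN}
    return {name: check_cert_name(c, host) for name, c in certs.items()}

if __name__ == "__main__":
    for name, (ok, reason) in audit().items():
        print(f"{name:10} {'PASS' if ok else 'FAIL'}  {reason}")
```

The `stale_san` case shows that a correct CN does not help once a non-matching DNS SAN is present, so a reissued certificate needs the DNS name in the SAN list as well as (or instead of) the CN.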