RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
> -Original Message- > From: Petr Špaček > Sent: Tuesday, March 4, 2025 6:11 PM > To: Robert Wagner ; Klaus Darilion > > Cc: bind-us...@isc.org > Subject: Re: XoT Testing: TLS peer certificate verification failed > > > I think I have solved the mystery: B

Re: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Petr Špaček
I think I have solved the mystery: Bind (or openssl, whoever does the validation) requires Subject Alternative Name. Regardless if using the hostname or the IP address, they must be in the subject alternative name. When using self-signed certificates, it is probably best to put both in the SAN

Re: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Robert Wagner
e=DNS:xot-test-primary.ops.nic.at,IP:193.46.106.51" regards Klaus From: bind-users On Behalf Of Klaus Darilion via bind-users Sent: Tuesday, March 4, 2025 11:31 AM To: Ondřej Surý Cc: bind-us...@isc.org Subject: RE: XoT Testing: TLS peer certificate verification failed In my case it shoul

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
erations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria From: Ondřej Surý <ond...@isc.org> Sent: Tuesday, March 4, 2025 10:05 AM To: Klaus Darilion <klaus.daril...@nic.at> Cc: bind-us...@isc.org Subject: Re: XoT Testing: TLS peer c

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
From: Ondřej Surý Sent: Tuesday, March 4, 2025 10:05 AM To: Klaus Darilion Cc: bind-us...@isc.org Subject: Re: XoT Testing: TLS peer certificate verification failed Sounds like this: https://gitlab.isc.org/isc-projects/bind9/-/issues/3896 -- Ondřej Surý — ISC (He/Him) My working hours and your

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
bind-users Subject: XoT Testing: TLS peer certificate verification failed Hi! I want to test XoT between Bind9.20.6 primary and secondary. On the primary I created a self-signed certificate with CN=xot-test-primary.ops.nic.at and configured bind: # Create a 10years valid self-signed certificate

Re: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Ondřej Surý
Choules via bind-users Subject: XoT Testing: TLS peer certificate verification failed Hi! I want to test XoT between Bind9.20.6 primary and secondary. On the primary I created a self-signed certificate with CN=xot-test-primary.ops.nic.at and configured bind: # Create a 10years valid self-signed

Re: XoT Testing: TLS peer certificate verification failed

2025-02-27 Thread Robert Wagner
l commands to your list. RW From: bind-users on behalf of Klaus Darilion via bind-users Sent: Thursday, February 27, 2025 11:10 AM To: Greg Choules via bind-users Subject: XoT Testing: TLS peer certificate verification failed This email originated from outsid

XoT Testing: TLS peer certificate verification failed

2025-02-27 Thread Klaus Darilion via bind-users
Hi! I want to test XoT between Bind9.20.6 primary and secondary. On the primary I created a self-signed certificate with CN=xot-test-primary.ops.nic.at and configured bind: # Create a 10years valid self-signed certificate: # openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_