Are SSL certificates bound to the servers ip address

Question

We have two different ldap providers in two different physical office locations   When I connect my laptop to one location and I  retrieve from port   in Websphere 6 1  to import the ssl cert of the ldap provider  I can authenticate to the respective ldap with no problems  If I take my laptop to the other office  that uses the other ldap provider by default  and I plugin my laptop  my WAS on my laptop will not start because it says  no trusted ssl cert found    If I  retrieve from port  again and re import the cert then it works again   Note that my WAS always try to connect to one ldap  it simply has no use for the other one   If I go back to the other office I get the same error until I reimport from that location  The ldap connection point is ldap something com 636 and is pingable in both locations with the same FQDN   But when pinged it resolves to a different ip address in each office location  Why do I see that behavior   Are SSL Certs somehow bound to a specific IP address   If yes  then I need to maintain a different set of certs for each office location  right   Note that  there is no way to adjust the dns servers to resolve the hostname to the same IP address  I checked   Can someone provide some insight

User · Answer

The SSL certificates are going to be bound to hostname rather than IP if they are setup in the standard way. Hence why it works at one site rather than the other.

Even if the servers share the same hostname they may well have two different certificates and hence WebSphere will have a certificate trust issue as it won't be able to recognise the certificate on the second server as it is different to the first.

User · Answer

SSL certificates are bound to a  common name   which is usually a fully qualified domain name but can be a wildcard name  eg    domain com  or even an IP address  but it usually isn t   In your case  you are accessing your LDAP server by a hostname and it sounds like your two LDAP servers have different SSL certificates installed   Are you able to view  or download and view  the details of the SSL certificate   Each SSL certificate will have a unique serial numbers and fingerprint which will need to match   I assume the certificate is being rejected as these details don t match with what s in your certificate store   Your solution will be to ensure that both LDAP servers have the same SSL certificate installed   BTW - you can normally override DNS entries on your workstation by editing a local  hosts  file  but I wouldn t recommend this

User · Answer

Most SSL certificates are bound to the hostname of the machine and not the ip address   You might get a better answer if you ask this question on serverfault com

[websphere] Are SSL certificates bound to the servers ip address?

Examples related to websphere

Examples related to ssl-certificate