LDAPS check status Fails with CHECK SANS in Cert.

Article ID: 416142


Products

VMware NSX

Issue/Introduction

 

  • While configuring NSX for LDAPS, you receive an error stating that you need to check the Subject Alternative Name (SAN) field of the certificate to verify the connection.
  • One of the following will also be observed:
    • You have configured LDAPS using the IP address, but the certificate only contains the FQDN.
    • You have configured LDAPS using the FQDN, but the certificate only contains the IP address.
    • You have configured LDAPS using an alternate name that is not listed in the SANs or the Common Name (CN) of the certificate.

 

 

Environment

NSX 4.2.2.1

Cause

The host in the LDAPS connection URI must match a name in the certificate, either the CN or one of the SANs. If the certificate is issued only for the IP address or only for the FQDN, that is the value you must use in your LDAPS connection string.

 

 

Resolution

Pick one of the two options below:

  • Set your LDAPS connection to match what the certificate shows.
  • Re-create the certificate with all the appropriate SANs so that the connection is accepted no matter which name is used to reach the server.
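
To see in advance which connection strings a given certificate will accept, the name check described under Cause can be reproduced offline. The following is an added example, not code from NSX or from this article: it assumes the certificate is available in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, treats the CN as an accepted name as the article states, and uses constructed placeholder names and addresses.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The names are placeholders, not values from the article.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),
                       ("DNS", "*.ldap.corp.example")),
}

def _as_ip(value):
    """Return an ipaddress object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive DNS name match; '*.' covers exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def cert_names(cert):
    """Return (kind, value) pairs: DNS and IP SAN entries, then the CN."""
    names = [(k, v) for k, v in cert.get("subjectAltName", ())
             if k in ("DNS", "IP Address")]
    for rdn in cert.get("subject", ()):
        names += [("CN", v) for k, v in rdn if k == "commonName"]
    return names

def ldaps_host_matches(ldaps_url, cert):
    """True if the host in the LDAPS URL is covered by a name in the cert."""
    host = urlsplit(ldaps_url).hostname
    if not host:
        raise ValueError("no host in LDAPS URL: %r" % (ldaps_url,))
    host_ip = _as_ip(host)
    for kind, value in cert_names(cert):
        if host_ip is not None:
            # An IP in the URL only matches an IP entry, never a DNS name.
            if kind != "DNS" and _as_ip(value) == host_ip:
                return True
        elif kind != "IP Address" and _dns_match(value, host):
            return True
    return False
```

Calling `cert_names()` on the certificate lists every value that can be used in the connection string, which is also the list to extend when re-creating the certificate.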