http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL-Using_certutil.html#certutil-procedure step 7

The subject DN cannot have two "cn" values. This causes some clients to become confused. For best results, use only 1 "cn" in the subject DN, make the "cn" the leftmost value, and make sure the value of "cn" is the fully qualified host and domain name of the server machine for the server for which you are generating the cert.

cn=ldap.example.com, cn=Directory Server <- BAD
ou=Directory Server, cn=ldap.example.com <- BAD
cn=ldap, ou=Directory Server <- BAD
cn=ldap.example.com, ou=Directory Server <- GOOD

Added a note to step 7:
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_SSL-Using_certutil.html#certutil-procedure

This is related to bug 492135. Closing.
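
The subject DN rules from the report above, written as a check to run on a subject string before it is passed to certutil. This is an added example, not part of the bug thread or the Red Hat documentation. The function names and the optional `expected_host` parameter are assumptions, and multi-valued RDNs (joined with "+") are not handled.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def split_rdns(dn):
    """Split a DN string on unescaped commas, keeping left-to-right order."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def is_fqdn(name):
    """True if name has at least two valid DNS labels (host plus domain)."""
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def check_subject_dn(dn, expected_host=None):
    """Return a list of problems; an empty list means the DN follows the rules."""
    attrs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        attrs.append((attr.strip().lower(), value.strip()))
    problems = []
    cns = [v for a, v in attrs if a == "cn"]
    if len(cns) != 1:
        problems.append(f"expected exactly one cn, found {len(cns)}")
    if not attrs or attrs[0][0] != "cn":
        problems.append("cn is not the leftmost value")
    elif not is_fqdn(attrs[0][1]):
        problems.append(f"cn {attrs[0][1]!r} is not a fully qualified host name")
    elif expected_host and attrs[0][1].lower() != expected_host.lower():
        problems.append(f"cn does not match server host {expected_host!r}")
    return problems

if __name__ == "__main__":
    # The four subject DNs quoted in the report.
    for dn in ("cn=ldap.example.com, cn=Directory Server", "ou=Directory Server, cn=ldap.example.com",
               "cn=ldap, ou=Directory Server", "cn=ldap.example.com, ou=Directory Server"):
        print(dn, "->", check_subject_dn(dn) or "GOOD")
```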