When Identity Synchronization for Windows tries to establish SSL connections, the connectors verify that the server’s hostname matches the hostname in the certificate that is presented by the server during the SSL negotiation phase. If the hostnames do not match, the connector will refuse to establish the connection.
The directory source hostname in the Identity Synchronization for Windows configuration file must always match the hostname embedded in the certificate used by that directory source.
You can use ldapsearch to verify that the hostnames match as follows:
/var/mps/serverroot/shared/bin/ldapsearch.exe -Z -P /var/opt/SUNWisw/etc/CNN100 -3 -h host2.example.com -p 636 -s base -b "" "(objectclass=*)"
If the hostname given in the ldapsearch command-line and the hostname embedded in the certificate are not the same, then the following error message is displayed:
ldap_search: Can't contact LDAP server SSL error -12276 (Unable to communicate securely with peer: requested do main name does not match the server's certificate.)
If the hostnames match, the ldapsearch command is successful and displays the contents of the root DSE.