Troubleshooting Tip: LDAPS No Subject Alternative Names matching error
Description
This article describes how to fix the LDAPS "No subject alternative names matching" error.
Scope
FortiSIEM.
Solution
FortiSIEM supports LDAPS configuration with a certificate. However, authentication depends on the CN or Subject Alternative Name (SAN) field of that certificate. Once LDAPS has been configured under Admin -> Settings -> General -> External Authentication, the value in the IP/Host field must match the CN or Subject Alternative Name in the certificate, as shown below:
FortiSIEM:

Certificate generated from Active Directory:

Note:
Users can verify the error on FortiSIEM via the command below:
# cat /opt/glassfish/domains/domain1/logs/phoenix.log | grep -i ldap
2025-07-03 17:23:34,587 [http-listener-2(13)] ERROR com.ph.phoenix.commons.LdapConnection - [PH_LDAP_EXT_AUTH_ERROR]:[phCustId]=1,[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[procName]=AppServer,[user]=tadmin,[phLogDetail]=No subject alternative names matching IP address 10.47.48.183 found
Otherwise, if the IP/Host value cannot be changed to match the certificate, regenerate the certificate with the desired CN or Subject Alternative Name (SAN) by following this KB article:
Technical Tip: Configuring LDAPS on FortiManager and FortiAnalyzer
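To confirm the mismatch before regenerating anything, the shell functions below fetch the certificate the LDAPS server presents and test whether the IP/Host value is covered by it. This is an added example, not part of the original article or of FortiSIEM; it assumes openssl is available where it is run, and the function names, host name and file path are illustrative.

```sh
# Added example (not from the original article). Assumes openssl is on PATH.
# Usage (host name and path are placeholders):
#   fetch_ldaps_cert dc01.example.test > /tmp/ldaps.pem
#   show_names /tmp/ldaps.pem
#   cert_covers /tmp/ldaps.pem 10.47.48.183 && echo match || echo "no match"

# fetch_ldaps_cert HOST [PORT]: print the server's leaf certificate as PEM.
fetch_ldaps_cert() {
    openssl s_client -connect "$1:${2:-636}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# show_names PEM_FILE: print the subject (CN) and the SAN entries.
show_names() {
    openssl x509 -in "$1" -noout -subject
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# cert_covers PEM_FILE VALUE: exit 0 if VALUE (the IP/Host field) is covered.
# openssl matches an IP literal only against iPAddress SAN entries, and a
# host name against dNSName SAN entries (falling back to the CN only when
# the certificate carries no dNSName entry).
cert_covers() {
    cc_flag=-checkhost
    case $2 in
        *:*)       cc_flag=-checkip ;;   # IPv6 literal
        *[!0-9.]*) ;;                    # has letters or hyphens: host name
        *)         cc_flag=-checkip ;;   # digits and dots only: IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$cc_flag" "$2" |
        grep -q 'does match certificate'
}
```

A certificate that lists only a DNS name will fail the check for an IP address entered in the IP/Host field, which is the situation the log line above reports.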
