--On Tuesday, January 14, 2014 2:22 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks for your help with my last post.
Now, the next task, will be setting up an N-way multimaster:
Server1
Server2
Server3
Server4
Using TLS. To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file?
I prefer to use a wildcard cert. I would note that a technically correct wildcard cert has *.domain in subjectAltname. On the flip side, virtually no CA creates certs that are compliant with the RFC for wildcards.
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration