14 Jan
2014
14 Jan
'14
11:56 a.m.
Borresen, John - 0442 - MITLL wrote:
Thanks for your help with my last post.
Now, the next task, will be setting up an N-way multimaster: Server1 Server2 Server3 Server4
Using TLS. To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file?
Personally I' prefer to issue separate certs to each replica. I use the server certs also as client cert for authenticating the replicas to each other with SASL/EXTERNAL.
Ciao, Michael.