Borresen, John - 0442 - MITLL wrote:
Thanks for your help with my last post.
Now, the next task, will be setting up an N-way multimaster:
Using TLS. To create the certificates, finding a lot of varying ideas via google, what
is the "best practice" to create certificates to where I don't have to touch
each client if a server goes down. Create a wildcard cert or use the subjectAltName in
the openssl.cnf file?
Personally I' prefer to issue separate certs to each replica. I use the server
certs also as client cert for authenticating the replicas to each other with