On Saturday, 27 August 2011 22:37:59 Daniel Qian wrote:
Yes, I wasn't aware of subjectAltName and I am still not sure if nss_ldap in the OS honors that, but I will test it out. Thanks Chris for answering back.
nss_ldap supports it if the underlying LDAP library supports it.
Solaris' ldapclient doesn't ...
So (since we have a few Solaris boxes), we use individual certs where the subject is the same (the canonical name of the load-balanced servers), with subjectAltNames for all the additional names/IPs for the individual server.
Regards, Buchan
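An added example, not part of the original message: a small model of how the certificate layout described above is matched by a client that only reads the subject CN (what the post reports for Solaris' ldapclient) and by a SAN-aware client that follows the RFC 2818 rule of ignoring the CN once any dNSName SAN is present. The host names, the IP address and the variant with the load-balanced name repeated as a SAN are assumptions for illustration; wildcard matching is left out.

```python
import ipaddress

# Constructed sample data in the dict layout of ssl.SSLSocket.getpeercert().
# All names and addresses below are hypothetical.
LB_NAME = "ldap.example.com"

def make_cert(cn, dns=(), ips=()):
    san = tuple(("DNS", d) for d in dns) + tuple(("IP Address", i) for i in ips)
    return {"subject": ((("commonName", cn),),), "subjectAltName": san}

def common_name(cert):
    for rdn in cert["subject"]:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def match_cn_only(cert, target):
    """Client without subjectAltName support: only the subject CN counts."""
    cn = common_name(cert)
    return cn is not None and cn.lower() == target.lower()

def match_rfc2818(cert, target):
    """SAN-aware client: IP targets need an iPAddress SAN; with any dNSName SAN the CN is ignored."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    dns = [v for k, v in san if k == "DNS"]
    if dns:
        return any(d.lower() == target.lower() for d in dns)
    return match_cn_only(cert, target)  # no dNSName SAN: fall back to the CN

def report(cert, targets):
    """Map each connection target to (cn_only_result, san_aware_result)."""
    return {t: (match_cn_only(cert, t), match_rfc2818(cert, t)) for t in targets}

# Layout from the post: CN = load-balanced name, SANs = this server's own names/IPs.
AS_POSTED = make_cert(LB_NAME, dns=["ldap1.example.com"], ips=["192.0.2.11"])
# Variant (assumption, not in the post): load-balanced name repeated as a SAN.
WITH_LB_SAN = make_cert(LB_NAME, dns=[LB_NAME, "ldap1.example.com"], ips=["192.0.2.11"])
TARGETS = [LB_NAME, "ldap1.example.com", "192.0.2.11"]

if __name__ == "__main__":
    for label, cert in (("as posted", AS_POSTED), ("LB name also in SAN", WITH_LB_SAN)):
        for target, (cn_only, san_aware) in report(cert, TARGETS).items():
            print(f"{label:20} {target:20} cn-only={cn_only} san-aware={san_aware}")
```

In this model the CN-only client validates only when it connects by the load-balanced name, and a strict SAN-aware client validates that name only when it is also listed as a SAN.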