"Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu schrieb am
14.01.2014 um 20:22 in Nachricht 201401141923.s0EJNERG089333@boole.openldap.org:
Thanks for your help with my last post.
Now, the next task, will be setting up an N-way multimaster: Server1 Server2 Server3 Server4
Using TLS. To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file?
Hi!
I don't see your problem: The certificates are just "normal"; one for each server. And you want to add each server to each client. If one server goes down, you don't have to do anything. What did I miss from your description?
Regards, Ulrich
John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Surveillance Systems Group 244 Wood St Lexington, MA 02420 Email: john.borresen@ll.mit.edumailto:john.borresen@ll.mit.edu