--On Tuesday, January 14, 2014 2:22 PM -0500 "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> wrote:
> Thanks for your help with my last post.
> Now, the next task will be setting up an N-way multimaster:
> Server1
> Server2
> Server3
> Server4
> Using TLS. To create the certificates, finding a lot of varying ideas via Google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file?

I prefer to use a wildcard cert. I would note that a technically correct wildcard cert has *.domain in subjectAltName. On the flip side, virtually no CA creates certs that are compliant with the RFC for wildcards.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
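
The two options discussed in this thread, as an added example that is not part of the original messages: a small matcher showing which hostnames a wildcard subjectAltName entry covers compared with an explicit subjectAltName list. The `example.com` names, the sample lists and the function names are assumptions; the matching follows the left-most-label wildcard rule of RFC 6125 and is an illustration, not the TLS library's own code.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one subjectAltName dNSName entry against a hostname.

    Only a whole left-most label "*" is treated as a wildcard, and it stands
    for exactly one label. Partial wildcards such as "srv*" are compared as
    literals here (a conservative choice made for this example).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Conservative choice in this example: require two fixed labels
        # after the wildcard so that "*.com" never matches anything.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_dns_names, hostname: str) -> bool:
    """True if any dNSName entry in the certificate matches the hostname."""
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


# Constructed sample data: hypothetical names for the four servers.
SERVERS = [f"server{i}.example.com" for i in range(1, 5)]
WILDCARD_SAN = ["*.example.com"]   # one certificate shared by every server
EXPLICIT_SAN = SERVERS[:3]         # list issued before server4 existed
PROBES = SERVERS + ["example.com", "ldap.dc1.example.com"]


def coverage(san_dns_names):
    """Map each probe hostname to whether the certificate covers it."""
    return {host: cert_covers(san_dns_names, host) for host in PROBES}


if __name__ == "__main__":
    for label, san in (("wildcard", WILDCARD_SAN), ("explicit", EXPLICIT_SAN)):
        print(label)
        for host, ok in coverage(san).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

The wildcard entry covers all four servers but neither the bare domain nor a name one level deeper, while the explicit list stops matching as soon as a server is added that was not named when the certificate was issued.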