--On Tuesday, January 14, 2014 2:22 PM -0500 "Borresen, John - 0442 -
MITLL" <John.Borresen(a)ll.mit.edu> wrote:
Thanks for your help with my last post.
Now, the next task, will be setting up an N-way multimaster:
Using TLS. To create the certificates, finding a lot of varying ideas
via google, what is the "best practice" to create certificates to
where I don't have to touch each client if a server goes down. Create
a wildcard cert or use the subjectAltName in the openssl.cnf file?
I prefer to use a wildcard cert. I would note that a technically correct
wildcard cert has *.domain in subjectAltname. On the flip side, virtually
no CA creates certs that are compliant with the RFC for wildcards.
Architect - Server
Zimbra :: the leader in open source messaging and collaboration