Ulrich Windl wrote:
I have a related question: Can you have different certificates, depending on "Normal use" and replication? I guess no, so if you use a load balancer, you'll have a problem with every server having a different cert (This is how I read your message).
Didn't we discuss that before?
When running different replicas which terminate TLS themselves, you can issue a different server cert with a distinct subject-DN for each of them and put the FQDN(s) of the same HA address(es) (e.g. of your load-balancer(s)) into the subjectAltName extension in all these different server certs.
Does that answer your question?
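
One way to check the layout described above, as an added example that is not part of the original message: each replica is contacted directly but verified against the HA name, then the collected certs are audited for distinct subject DNs and a shared HA entry in subjectAltName. The host names, the `fetch_cert` and `audit` helpers and the sample data are hypothetical and constructed for illustration.

```python
import socket
import ssl

def fetch_cert(replica, ha_name, port, cafile=None):
    """Connect to one replica directly, but verify its cert against the HA name."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((replica, port), timeout=5) as raw:
        # server_hostname drives SNI and hostname verification, so the handshake
        # raises ssl.SSLCertVerificationError if the SAN lacks the HA name.
        with ctx.wrap_socket(raw, server_hostname=ha_name) as tls:
            return tls.getpeercert()

def subject_dn(cert):
    """Flatten the subject of a getpeercert() dict into a comparable tuple."""
    return tuple(attr for rdn in cert.get("subject", ()) for attr in rdn)

def dns_sans(cert):
    """Lower-cased dNSName entries of the subjectAltName extension."""
    return {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}

def audit(certs, ha_names):
    """certs: {replica_fqdn: getpeercert() dict}. Returns a list of findings."""
    findings, seen = [], {}
    for replica, cert in sorted(certs.items()):
        sans = dns_sans(cert)
        for name in ha_names:
            if name.lower() not in sans:
                findings.append(f"{replica}: SAN lacks HA name {name}")
        dn = subject_dn(cert)
        if dn in seen:
            findings.append(f"{replica}: subject DN duplicates {seen[dn]}")
        else:
            seen[dn] = replica
    return findings

def _cert(cn, *sans):
    """Build a dict in the shape ssl.SSLSocket.getpeercert() returns."""
    return {"subject": ((("commonName", cn),),),
            "subjectAltName": tuple(("DNS", s) for s in sans)}

# Constructed sample: replica2 lacks the HA name, replica3 reuses replica1's cert.
SAMPLE = {
    "replica1.example.com": _cert("replica1.example.com", "replica1.example.com", "ha.example.com"),
    "replica2.example.com": _cert("replica2.example.com", "replica2.example.com"),
    "replica3.example.com": _cert("replica1.example.com", "replica1.example.com", "ha.example.com"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["ha.example.com"]):
        print(finding)
```

Against live servers, build the `certs` mapping by calling `fetch_cert` once per replica with the port the service listens on.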