Ulrich Windl wrote:
Michael Ströder michael@stroeder.com wrote on 08.05.2017 at 23:39 in
When running different replicas which terminate TLS themselves you can issue a different server cert with a distinct subject-DN for each of them and put the FQDN(s) of the same HA address(es) (e.g. of your load-balancer(s)) into the subjectAltName extension in all these different server certs.
So you have one certificate for all servers, and the answer is that you cannot have different certificates? If so, we had discussed that before. I thought you were advising otherwise now, and I was surprised how that would work.
Did you deliberately misread my answer? I cannot imagine how I can make it more clear that I have different certs on all replicas. And probably you also misread my former postings about that topic.
Ciao, Michael.
openldap-technical@openldap.org
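
The setup discussed in this thread, as an added example that is not part of the original posts: two replica certs with their own keys and distinct subject DNs that both carry the same HA name in subjectAltName. The host names, the throwaway test CA and the function names are constructed for illustration, and it assumes the `openssl` command line tool is installed.

```shell
#!/bin/sh
# Added example. All host names and the CA below are constructed test values.
HA_NAME="ldap.example.com"   # shared HA / load-balancer FQDN (assumed name)

# Create a throwaway test CA in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Org/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a cert for replica $2 in directory $1: own key, own subject DN,
# and the shared HA name in subjectAltName.
issue_replica() {
    # Adding the replica's own FQDN to the SAN is an assumption of this
    # example (useful for direct connections to a single replica).
    printf 'subjectAltName=DNS:%s,DNS:%s\n' "$HA_NAME" "$2" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# Print the subject DN of the cert issued for replica $2.
subject_dn() { openssl x509 -in "$1/$2.crt" -noout -subject; }

# Succeeds only if cert $2 chains to the test CA and is valid for host name $3.
cert_matches_host() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

# Demo: issue both replica certs and check each against the HA name.
work=$(mktemp -d)
make_ca "$work"
for replica in ldap1.example.com ldap2.example.com; do
    issue_replica "$work" "$replica"
    subject_dn "$work" "$replica"
    cert_matches_host "$work" "$replica" "$HA_NAME" && echo "  accepted for $HA_NAME"
done
```

A client that connects to the HA name accepts either cert, while a cert taken from one replica does not validate for the other replica's own host name.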