Ulrich Windl wrote:
> >>> Michael Ströder <michael(a)stroeder.com> wrote on 10.12.2014 at 09:44 in message <548807E4.5000108(a)stroeder.com>:
>> Ulrich Windl wrote:
>>>> I use a cert with the VIP used by clients, and the hostnames used between
>>>> the servers all set up in the subjectaltname of the certificate.
>>>
>>> But this "solution" does not scale well when adding or removing servers...
>>
>> Why does it not scale?
>>
>> If you have an individual cert for each server with the VIP DNS name in
>> subjectAltName you can just add servers as needed.
>
> The point is: If you change one server, you'll have to update certificates for
> all active servers;

Nonsense. This will only be the case if you change the VIP's DNS name.
Or could you please tell us what's so hard to understand with "individual cert
for each server"?

> not to talk about the fact that all certificates will
> expire exactly at the same time.

Uuuh... yes, there's work out there to be done.
So what's the real problem?
Ciao, Michael.