[Fedora-directory-users] Hostname does not match CN....
Alex aka Magobin
magobin at gmail.com
Tue Apr 4 13:44:53 UTC 2006
> This isn't an SSL problem, it's a problem with the way you are trying to
> use it. You are trying to present the world with a single directory
> server and behind the scenes have 2 physical servers. Nothing wrong with
> this but you were told a while back that this could be a problem.
Yes...but I thought that someone has implemented 2 LDAP servers on a
cluster system;
> 1. The easiest solution is to use a wildcard in the SSL server
> certificate hostname: CN=*.example.com. This is super ugly but should
> work. Note that you'll never get a CA like Verisign to issue you a
> wildcard server certificate. So if you are using your own self-signed CA
> during testing and plan to get server certs later from another CA beware.
>
uhm..very dangerous
> 2. I wonder if it is possible to set up multiple listeners and assign a
> separate SSL certificate to each one. Then you could have
> CN=host1.example.com on say port 638 for replication and
> CN=ldap.example.com on 636 for general use.
>
This may be a solution...if it's possible...but I'm a newbie about SSL

Ok...omit cluster...if I have a Fedora DS server (A) that is an SSL
server too...as long as A is alone I configure my clients to point at this
server for authentication, and I tested that it works perfectly..now I want
another server (B) for load balancing, replicated in
multimaster...now...how can I set up SSL for this scenario? This
scenario is normal, for example, in Windows Active Directory...I think
that it's impossible that nobody has ever made a test like this or
implemented something like this
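
The following is an added example, not part of the original message and not Fedora DS or NSS code. It models the hostname-versus-CN check behind the error in the subject line and runs it against the three layouts discussed in the thread (one certificate, the wildcard CN, one certificate per port); the matching rule is a simplified assumption, and real TLS libraries apply further rules.

```python
# Added example (not Fedora DS or NSS code): simplified hostname-vs-CN check.
# Assumed rule: case-insensitive, "*" only as the whole left-most label,
# covering exactly one label, and never directly under a top-level domain.

def cn_matches(cn, host):
    """Return True if certificate name `cn` covers the name `host`."""
    cn_labels = cn.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cn_labels) != len(host_labels) or "" in host_labels:
        return False
    if cn_labels[1:] != host_labels[1:]:
        return False
    if cn_labels[0] == "*":
        return len(cn_labels) >= 3
    return cn_labels[0] == host_labels[0]

def failed_checks(listeners, connections):
    """listeners: {port: certificate CN}; connections: [(name dialled, port)].
    Returns the connections whose hostname check would be rejected."""
    return [(h, p) for h, p in connections if not cn_matches(listeners[p], h)]

# Constructed layouts using the names and ports from the thread.
ONE_CERT = {636: "ldap.example.com"}
WILDCARD = {636: "*.example.com"}
PER_PORT = {636: "ldap.example.com", 638: "host1.example.com"}

CLIENT = ("ldap.example.com", 636)           # clients use the shared name
REPL_SAME_PORT = ("host1.example.com", 636)  # replication dials the real host
REPL_OWN_PORT = ("host1.example.com", 638)

if __name__ == "__main__":
    print(failed_checks(ONE_CERT, [CLIENT, REPL_SAME_PORT]))
    print(failed_checks(WILDCARD, [CLIENT, REPL_SAME_PORT]))
    print(failed_checks(PER_PORT, [CLIENT, REPL_OWN_PORT]))
    # The wildcard also covers names nobody intended (constructed name):
    print(cn_matches("*.example.com", "anything.example.com"))
```

With a single certificate only the replication connection to host1.example.com fails; the wildcard clears that failure but also accepts every other single-label name under example.com, while the per-port layout passes without widening what the certificates cover.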