[Date Prev][Date Next]
Multiple ldap servers, ssl, and dns round robin?
I have 4 ldap servers that I would like to put in a
dns round robin for performance reasons.
I would like to use the name "ldap.xpedite.com"
as the dns round robin name.
ldap1 is the master ldap server and the rest are replicates.
They currently replicate using ssl which I need to keep.
The ssl certificates where generated using a FQDN.
Replication via ssl works great and ssl transactions to each
server individually using their real FQDN work well. When I
attempt to access the round robin as ldap.xpedite.com, ssl
transactions refuse to work. I realize that it is failing
because the cert is generated for the FQDN of the individual
server.. not the round robin name (ldap.xpedite.com).
Is there a way I can give a server multiple names in a cert
such as ldap1, ldap1.xpedite.com, ldap.xpedite.com, ldap, IP Addr, etc..
so the client will accept the cert if it is called by
ldap1.xpedite.com or ldap.xpedite.com, or etc.. ?
Some sort of aliasing in ssl certs perhaps?
I am using openssl to generate and self sign the ssl certificates.
Thanks for any assistance you can offer..