
Re: Q: OpenLDAP In A 'Heartbeat' Cluster



Quoting "Howard Chu" <hyc@highlandsun.com>:

> In OpenSSL I use these lines in my openssl.cnf file:
> ###
> DNSNAME = $ENV::DNSNAME
> IPADDR = $ENV::IPADDR
> ###
> 
> In the [ usr_cert ] section
> ###
> subjectAltName=DNS:$DNSNAME,IP:$IPADDR
> ###

Which is which here? I.e., are any of these 'registered names'... Hm, fuzzy.
Example: 

        DNSNAME1 = $ENV::CERT_NAME1
        DNSNAME2 = $ENV::CERT_NAME2
        IPADDR1 = $ENV::CERT_IP1
        IPADDR2 = $ENV::CERT_IP2
        [...]
        subjectAltName=DNS:DNSNAME1,IP:$IPADDR1
        subjectAltName=DNS:DNSNAME2,IP:$IPADDR1

Is this what you mean?

> You must set the DNSNAME and IPADDR environment variables before running the
> CA app to generate/sign the cert. If you need to specify additional names,
> use separate environment variables for each.

In my example, I'd set variables 'CERT_NAME[12]' and 'CERT_IP[12]'... ?
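
Added example, not part of either poster's message: one way to carry several names with the environment-variable approach quoted above is a single subjectAltName line that lists every entry. The host names, addresses and the self-signed `openssl req -x509` call (standing in for the CA app) are constructed assumptions.

```shell
#!/bin/sh
# Added example: names and addresses are constructed placeholders.
# Issues a throwaway self-signed cert and prints its subjectAltName line.
san_for_cluster_cert() {
    work=$(mktemp -d) || return 1

    # One environment variable per name/address, all joined in ONE
    # subjectAltName value. The quoted 'EOF' keeps the shell from
    # expanding $ENV::..., so OpenSSL does the substitution itself.
    cat > "$work/openssl.cnf" <<'EOF'
DNSNAME1 = $ENV::CERT_NAME1
DNSNAME2 = $ENV::CERT_NAME2
IPADDR1  = $ENV::CERT_IP1
IPADDR2  = $ENV::CERT_IP2

[ req ]
prompt             = no
distinguished_name = dn

[ dn ]
CN = $DNSNAME1

[ usr_cert ]
subjectAltName = DNS:$DNSNAME1,DNS:$DNSNAME2,IP:$IPADDR1,IP:$IPADDR2
EOF

    # Every variable referenced in the config must be set, or loading fails.
    CERT_NAME1=ldap1.example.com CERT_NAME2=ldap.example.com \
    CERT_IP1=192.0.2.10 CERT_IP2=192.0.2.11 \
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$work/openssl.cnf" -extensions usr_cert \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null ||
        { rm -rf "$work"; return 1; }

    # Check what actually landed in the certificate.
    openssl x509 -in "$work/cert.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
    rm -rf "$work"
}

san_for_cluster_cert
```

Inspecting the issued certificate this way confirms that every name and address clients will connect to is present before the certificate is deployed.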