[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL & load-balanced servers

On Fri, Jun 27, 2003 at 09:35:26PM -0700, Quanah Gibson-Mount wrote:
> I just ran into an interesting issue using TLS connections & load-balanced 
> servers.  Basically, each of our servers has its own cert 
> (ldap#.stanford.edu).  If I perform a search against the load-balanced name 
> (ldap.stanford.edu), ldapsearch fails, noting that the names don't match. 
> Is there an easy fix for this, or do I need to get an "ldap.stanford.edu" 
> cert that each of the servers uses?  And, will that even work inside 
> OpenLDAP?

You need to use subjectAltName.  For example, you could put the
following into your openssl .cnf configuration file when generating
certs for your load balanced servers:


Hope this helps,


Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D