Re: TLS/SSL & load-balanced servers
On Fri, Jun 27, 2003 at 09:35:26PM -0700, Quanah Gibson-Mount wrote:
> I just ran into an interesting issue using TLS connections & load-balanced
> servers. Basically, each of our servers has its own cert
> (ldap#.stanford.edu). If I perform a search against the load-balanced name
> (ldap.stanford.edu), ldapsearch fails, noting that the names don't match.
> Is there an easy fix for this, or do I need to get an "ldap.stanford.edu"
> cert that each of the servers uses? And, will that even work inside
You need to use subjectAltName. For example, you could put the
following into your openssl .cnf configuration file when generating
certs for your load balanced servers:
Hope this helps,
Luca Filipozzi, ECE Dept. IT Manager, University of British Columbia
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
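
An openssl .cnf fragment of the kind the reply describes, as an added example that is not the configuration from the original message. The hostname ldap1.stanford.edu is an assumed instance of the thread's ldap#.stanford.edu pattern, and the section names (req_dn, v3_req, alt_names) are arbitrary labels.

```ini
# Added example, one file per server. Hostnames are assumptions based on the
# thread's naming (ldap.stanford.edu in front of ldap#.stanford.edu).

[ req ]
default_bits       = 2048
prompt             = no
distinguished_name = req_dn
# Extensions written into the certificate request (CSR).
req_extensions     = v3_req
# Extensions used instead when self-signing with "openssl req -x509".
x509_extensions    = v3_req

[ req_dn ]
# The server's own name stays in the subject CN.
CN = ldap1.stanford.edu

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
# Name clients actually connect to through the load balancer.
DNS.1 = ldap.stanford.edu
# The server's own name, so direct connections to it still validate.
DNS.2 = ldap1.stanford.edu
```

A subjectAltName in the request only reaches the issued certificate if the CA carries it over (with `openssl ca`, that is `copy_extensions = copy` in the CA section). Running `openssl x509 -noout -text` on the issued certificate should show both DNS entries under "X509v3 Subject Alternative Name".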