[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Require use of SSL..



"adp" <dap99@i-55.com> writes:

> And speaking of SSL, I have another issue I'd like to discuss. Okay, when I
> generate a cert I specify the hostname. This locks the SSL cert to that
> hostname. For the LDAP service I am using RRDNS. So I have servers like
> dir1, dir2, dir3, but the service is connected to as dir. So this means when
> I create the cert I need to create it as "dir" and use that cert for dir1,
> dir2, dir3.
>
> When specifying a replica host I need to specify the real hostname (e.g.,
> dir2). I can't specify dir since this will result in a RRDNS hit which could
> definitely lead to replication failing. (For one thing, you can't replicate
> to yourself.)
>
> Is there a solution?

Yes, 'subjectAltName' in openssl.cnf

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de