[Date Prev][Date Next]
Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
>> >subjectAltName=commonName: ldap.example.com
>You should test whether all your SSL/TLS-enabled LDAP applications really
>look at subjectAltName extension!
Does this mean:
A) Most applications will work OK, but it's still possible that some are
B) Setting "subjectAltName=commonName: <service cluster FQN>" should
teoretically solve the problem, but the reality is different and many
client apps don't know it.
It simply means that you have to thoroughly test all the client apps you
plan to use.