[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]

To: denis.havlik@t-mobile.at
Subject: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 13 Apr 2004 13:11:25 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <OFA3FD6062.CEE76C75-ONC1256E75.003CD704-C1256E75.003D5EE0@t-mobile.at>
References: <OFA3FD6062.CEE76C75-ONC1256E75.003CD704-C1256E75.003D5EE0@t-mobile.at>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

denis.havlik@t-mobile.at wrote:

 >>  >commonName=ldap1.example.com
 >>  >subjectAltName=commonName: ldap.example.com
 >You should test whether all your SSL/TLS-enabled LDAP applications really
 >look at subjectAltName extension!
Does this mean:
A) Most applications will work OK, but it's still possible that some are broken.
or
B) Setting "subjectAltName=commonName: <service cluster FQN>" should teoretically solve the problem, but the reality is different and many client apps don't know it.

It simply means that you have to thoroughly test all the client apps you plan to use.

Ciao, Michael.

Follow-Ups:
- Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
  - From: "Kirk A. Turner-Rustin" <ktrustin@owu.edu>

References:
- Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
  - From: denis.havlik@t-mobile.at

Prev by Date: Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
Next by Date: Re: ldap_bind: Invalid credentials
Index(es):
- Chronological
- Thread