
Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]

denis.havlik@t-mobile.at wrote:

>> >commonName=ldap1.example.com
>> >subjectAltName=commonName: ldap.example.com

 >You should test whether all your SSL/TLS-enabled LDAP applications really
 >look at subjectAltName extension!

Does this mean:

A) Most applications will work OK, but it's still possible that some are broken.


B) Setting "subjectAltName=commonName: <service cluster FQN>" should theoretically solve the problem, but the reality is different and many client apps don't know it.

It simply means that you have to thoroughly test all the client apps you plan to use.

Ciao, Michael.
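
Added example, not part of the original message: a small Python model of three ways a client might match the hostname against the certificate quoted above, to show which of the two names each kind of client would accept. The certificate dict is constructed, the alternative name is assumed to be a dNSName entry, and the three client models are illustrative, not any specific application's code.

```python
# Constructed certificate in the dict shape ssl.SSLSocket.getpeercert() returns.
# Assumption: the cluster name is carried as a dNSName subjectAltName entry.
CERT = {
    "subject": ((("commonName", "ldap1.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}
HOSTS = ["ldap1.example.com", "ldap.example.com"]


def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def dns_alt_names(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def matches(names, host):
    # Case-insensitive exact match; wildcards are deliberately not modelled.
    return any(n.rstrip(".").lower() == host.rstrip(".").lower() for n in names)


def cn_only(cert, host):
    """Client that never looks at subjectAltName."""
    return matches(common_names(cert), host)


def cn_or_san(cert, host):
    """Client that accepts a match in either field."""
    return matches(common_names(cert) + dns_alt_names(cert), host)


def san_first(cert, host):
    """Client that ignores the CN once dNSName entries exist (RFC 2818 rule)."""
    alt = dns_alt_names(cert)
    return matches(alt if alt else common_names(cert), host)


CLIENTS = {"cn_only": cn_only, "cn_or_san": cn_or_san, "san_first": san_first}


def compatibility_matrix(cert, hosts):
    """Map (client model, hostname) -> whether that client accepts the cert."""
    return {(c, h): fn(cert, h) for c, fn in CLIENTS.items() for h in hosts}


if __name__ == "__main__":
    for (client, host), ok in compatibility_matrix(CERT, HOSTS).items():
        print(f"{client:10} {host:20} {'accept' if ok else 'REJECT'}")
```

In this model the CN-only client rejects the cluster name, while the SAN-first client rejects the node's own name because it appears only in the commonName; both cases are worth covering when testing the real client applications.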