Reply: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]

>Actually, I'm not. ;) We stopped using Verisign and moved to InstantSSL.
>The problem there is they do not support subjectAltName tags.  Do you know
>a vendor that does?  For various reasons, I cannot use self-signed certs on
>our production servers, or I'd just go that route.

Why would you use the self-signed certificates?

1) Self-signed certs aren't a particularly good solution security-wise
2) OpenLDAP software doesn't like them. (Or maybe I was doing something wrong at that time...)
3) Establishing an internal CA is not such a big deal.

CAs are a matter of trust. In a company, I trust the "security" folks in IT; in the outside world, I trust Verisign(*)...

(*) Or I don't, but then I have a big problem. .-)