[Date Prev][Date Next]
Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
>Actually, I'm not. ;) We stopped using verisign and moved to InstantSSL.
>The problem there is they do not support subjectAltName tags. Do you know
>a vendor that does? For various reasons, I cannot use self-signed certs on
>our production servers, or I'd just go that route.
Why would you use the self-signed certificates?
1) Self-signed certs aren't a particularly good solution security-wise
2) openLDAP software doesn't like them. (or maybe I've been doing something wrong at that time...)
3) Establishing an internal CA is not such a big deal.
CAs are a matter of trust. In a company, I trust the "security" folks in the IT, in the outside world I trust Verisign(*)...
(*) Or I don't, but than I have a big problem. .-)