[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
From: denis.havlik@t-mobile.at
Date: Wed, 14 Apr 2004 10:42:04 +0200
Cc: openldap-software@OpenLDAP.org

>Actually, I'm not. ;) We stopped using verisign and moved to InstantSSL.
>The problem there is they do not support subjectAltName tags. Do you know
>a vendor that does? For various reasons, I cannot use self-signed certs on
>our production servers, or I'd just go that route.

Why would you use the self-signed certificates?

1) Self-signed certs aren't a particularly good solution security-wise
2) openLDAP software doesn't like them. (or maybe I've been doing something wrong at that time...)
3) Establishing an internal CA is not such a big deal.

CAs are a matter of trust. In a company, I trust the "security" folks in the IT, in the outside world I trust Verisign(*)...

regards
Denis
(*) Or I don't, but than I have a big problem. .-)

Follow-Ups:
- Re: Antwort: Re: SSL certificates, kerberos keytabs, and load balancing [Virus checked]
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: ldap problem
Next by Date: RE: ldap proxy to AD returns no results - take#2
Index(es):
- Chronological
- Thread