
Re: [SOLVED] Re: multiple servers in DNS and TLS

manu@netbsd.org (Emmanuel Dreyfus) writes:

> Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>> > Is there some kind of trick to get this done properly?
>> Use a cert with a correct subjectAltName, or a wildcard cert.
> For future reference:
> Assuming we have in the DNS the following RR:
> foo     IN      A
> bar     IN      A
> ldap    1 IN    A
> ldap    1 IN    A
> Create certificate for foo:
> subjectAltName=DNS:ldap.example.net,DNS:foo.example.net
> CN=ldap.example.net
> Create certificate for bar:
> subjectAltName=DNS:ldap.example.net,DNS:bar.example.net
> CN=ldap.example.net

I know that the subjectAltName type DNS is recommended, but RFC 4513
refers to type dNSName. Is there any reason that OpenLDAP requires
type DNS?


Dieter Klünter | Systemberatung
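
Added example, not part of the original messages and not OpenLDAP's code: a simplified model of the server-identity check a TLS-enabled LDAP client applies to the certificates described in the quoted text. It assumes that dNSName entries take precedence over CN when present, that matching is case-insensitive, and that `*` is accepted only as the whole left-most label; the certificate dictionaries and function names are constructed for illustration.

```python
# Simplified server-identity check (illustration only, not OpenLDAP's code).
# Entries written as "DNS:..." in an OpenSSL-style subjectAltName line are
# encoded in the certificate as GeneralName entries of type dNSName.

def dns_name_matches(pattern, hostname):
    """Compare one certificate name against the name the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Assumption: require at least two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def identity_ok(hostname, san_dns, cn=None):
    """dNSName entries win when present; CN is only a fallback."""
    if san_dns:
        return any(dns_name_matches(n, hostname) for n in san_dns)
    return cn is not None and dns_name_matches(cn, hostname)

# Constructed sample certificates mirroring the quoted recipe.
CERTS = {
    "foo": {"cn": "ldap.example.net",
            "san_dns": ["ldap.example.net", "foo.example.net"]},
    "bar": {"cn": "ldap.example.net",
            "san_dns": ["ldap.example.net", "bar.example.net"]},
    "cn-only": {"cn": "ldap.example.net", "san_dns": []},
    "wildcard": {"cn": "*.example.net", "san_dns": ["*.example.net"]},
}

def check(cert_label, hostname):
    cert = CERTS[cert_label]
    return identity_ok(hostname, cert["san_dns"], cert["cn"])

def audit(names=("ldap.example.net", "foo.example.net", "bar.example.net")):
    """Return {(certificate, connect name): accepted?} for every combination."""
    return {(c, n): check(c, n) for c in CERTS for n in names}

if __name__ == "__main__":
    for (cert, name), ok in audit().items():
        print(f"{cert:9s} {name:18s} {'accept' if ok else 'REJECT'}")
```

The "cn-only" row shows why the shared name alone is not enough: a client that connects to `foo.example.net` directly is rejected unless that name is also listed.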