[Date Prev][Date Next]
Re: Syncrepl over TLS for mirrormode
On Saturday, 27 August 2011 22:37:59 Daniel Qian wrote:
> Yes I wasn't aware of subjectAltName and I am still not sure if nss_ldap
> in the OS honors that but I will test it out. Thanks Chris for answering
nss_ldap supports it if the underlying ldap library supports it.
Solaris' ldapclient doesn't ...
So (since we have a few Solaris boxes), we use individual certs where the
subject is the same (the canonical name of the load-balanced servers), with
subjectAltNames for all the additional names/IPs for the individual server.