Re: Syncrepl over TLS for mirrormode

On Saturday, 27 August 2011 22:37:59 Daniel Qian wrote:
> Yes I wasn't aware of subjectAltName and I am still not sure if nss_ldap
> in the OS honors that but I will test it out. Thanks Chris for answering
> back.

nss_ldap supports it if the underlying ldap library supports it.

Solaris' ldapclient doesn't ...

So (since we have a few Solaris boxes), we use individual certs where the 
subject is the same (the canonical name of the load-balanced servers), with 
subjectAltNames for all the additional names/IPs for the individual server.
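
The certificate layout described in this message, as an added example that is not part of the original post: it renders an `openssl req` config per server and models a CN-only client next to a SAN-aware one. The host names, IPs and function names are constructed for illustration. Putting the canonical name in the SAN list as well is an assumption added here, because SAN-aware clients ignore the CN when a SAN is present.

```python
import ipaddress

CANONICAL = "ldap.example.com"  # constructed: name of the load-balanced service
SERVERS = {                     # constructed: each server's own names and IPs
    "ldap1": ["ldap1.example.com", "192.0.2.11"],
    "ldap2": ["ldap2.example.com", "192.0.2.12"],
}

def _typed(name):
    """Classify a name as an IP or DNS SAN entry, normalised for comparison."""
    try:
        return ("IP", str(ipaddress.ip_address(name)))
    except ValueError:
        return ("DNS", name.lower().rstrip("."))

def san_entries(server):
    """SAN list for one server: the canonical name plus that server's own names/IPs."""
    return [_typed(n) for n in [CANONICAL, *SERVERS[server]]]

def openssl_req_config(server):
    """Render a config file for `openssl req -new -config <file>` for one server."""
    sans = ", ".join(f"{kind}:{value}" for kind, value in san_entries(server))
    return "\n".join([
        "[req]", "prompt = no", "distinguished_name = dn", "req_extensions = ext",
        "[dn]", f"CN = {CANONICAL}",
        "[ext]", f"subjectAltName = {sans}",
    ]) + "\n"

def cn_only_accepts(target):
    """Model of a client that ignores subjectAltName and compares the subject CN."""
    return _typed(target) == _typed(CANONICAL)

def san_aware_accepts(server, target):
    """Model of a client that checks only the SAN when one is present.
    Exact match only; wildcard handling is out of scope here."""
    return _typed(target) in san_entries(server)

if __name__ == "__main__":
    for server in SERVERS:
        print(f"# {server}\n{openssl_req_config(server)}")
```

A client that only compares the CN has to connect using the canonical name, while a SAN-aware client can also reach an individual server by its own name or IP.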