Question: Right now, we have two OpenLDAP servers running in Delta-syncrepl and talking fine. All the clients are connecting to the primary over port 636. The question is on the best (practices) way of getting the secondary server into the certificate without re-hashing all the clients to the failover server's certificate. 1) Should I set up a Wildcard certificate? 2) Should I put both systems in the "subjectAltName" line and create the certifiate, etc? 3) DNS Round-Robin? Not 100% sure in which direction to go. Dave Borresen Solaris/Linux Systems Administrator Surveillance Systems Group MIT Lincoln Laboratory 244 Wood Street Lexington, MA 02420 |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature