[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: N-Way-Multimaster Configuration

To: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>
Subject: Re: N-Way-Multimaster Configuration
From: Brian Reichert <reichert@numachi.com>
Date: Tue, 14 Jan 2014 14:31:58 -0500
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <201401141923.s0EJNERG089333@boole.openldap.org>
References: <201401141923.s0EJNERG089333@boole.openldap.org>
User-agent: Mutt/1.5.9i

On Tue, Jan 14, 2014 at 02:22:53PM -0500, Borresen, John - 0442 - MITLL wrote:
> Using TLS.  To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down.  Create a wildcard cert or use the subjectAltName in the openssl.cnf file?

Is this a public-facing server, or strictly internally facing?

Will you be using an in-house CA?

I'm a fan of an in-house CA (note: note the same as a self-signed
cert), and a well-populated SAN list, possibly incorporating IP
addresses as well.

> John D. Borresen (Dave)
> Linux/Unix Systems Administrator
> MIT  Lincoln Laboratory
> Surveillance Systems Group
> 244 Wood St
> Lexington, MA  02420
> Email: john.borresen@ll.mit.edu<mailto:john.borresen@ll.mit.edu>

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large

Follow-Ups:
- RE: N-Way-Multimaster Configuration
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>
- Re: N-Way-Multimaster Configuration
  - From: Brian Reichert <reichert@numachi.com>

References:
- N-Way-Multimaster Configuration
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>

Prev by Date: Re: N-Way-Multimaster Configuration
Next by Date: Re: SETTING UP MONITOR
Index(es):
- Chronological
- Thread