Borresen, John - 0442 - MITLL wrote: > Thanks for your help with my last post. > > Now, the next task, will be setting up an N-way multimaster: > Server1 > Server2 > Server3 > Server4 > > Using TLS. To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file? Personally I' prefer to issue separate certs to each replica. I use the server certs also as client cert for authenticating the replicas to each other with SASL/EXTERNAL. Ciao, Michael.
Description: S/MIME Cryptographic Signature