
Re: N-Way-Multimaster Configuration

--On Tuesday, January 14, 2014 2:22 PM -0500 "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> wrote:

> Thanks for your help with my last post.
>
> Now, the next task will be setting up an N-way multimaster:
>
> Using TLS.  To create the certificates, finding a lot of varying ideas
> via Google, what is the "best practice" to create certificates to
> where I don't have to touch each client if a server goes down?  Create
> a wildcard cert or use the subjectAltName in the openssl.cnf file?

I prefer to use a wildcard cert. I would note that a technically correct wildcard cert has *.domain in subjectAltName. On the flip side, virtually no CA creates certs that are compliant with the RFC for wildcards.



Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration
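
Added example, not part of the original thread: a Python check of which masters a certificate's name set covers, comparing the two options asked about above (a wildcard versus an explicit subjectAltName list) and the wildcard-in-CN-only case the reply alludes to. The domain example.com, the ldapN host names and the dict layout are constructed for illustration, and the matching assumes the common left-most-label wildcard rule.

```python
# Constructed example: which LDAP masters does a certificate's name set cover?
# Host names, the domain and the dict layout are illustrative assumptions.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, host):
    """Left-most-label wildcard match: '*' stands for exactly one whole label."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice in this example: refuse over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covers(cert, host, allow_cn_fallback=False):
    """dNSName entries in subjectAltName decide; the subject CN is consulted
    only when there are none and the client still allows that legacy fallback."""
    sans = cert.get("san_dns", [])
    if sans:
        return any(dns_name_matches(s, host) for s in sans)
    if allow_cn_fallback and cert.get("cn"):
        return dns_name_matches(cert["cn"], host)
    return False

def uncovered(cert, hosts, allow_cn_fallback=False):
    """Hosts a client would reject when they present this certificate."""
    return [h for h in hosts if not covers(cert, h, allow_cn_fallback)]

# ldap3 stands for a master added after the certificates were issued.
MASTERS = ["ldap1.example.com", "ldap2.example.com", "ldap3.example.com"]

WILDCARD_IN_SAN = {"cn": "*.example.com", "san_dns": ["*.example.com"]}
EXPLICIT_SAN = {"cn": "ldap1.example.com",
                "san_dns": ["ldap1.example.com", "ldap2.example.com"]}
WILDCARD_CN_ONLY = {"cn": "*.example.com", "san_dns": []}

if __name__ == "__main__":
    for label, cert in [("wildcard in SAN", WILDCARD_IN_SAN),
                        ("explicit SAN list", EXPLICIT_SAN),
                        ("wildcard in CN only", WILDCARD_CN_ONLY)]:
        print(f"{label:20} strict: {uncovered(cert, MASTERS)}  "
              f"CN fallback: {uncovered(cert, MASTERS, True)}")
```

An empty list means every master is accepted; the explicit list leaves out any master added after issuance, and the CN-only wildcard passes only for clients that still fall back to the subject CN.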