[Date Prev][Date Next]
Re: N-Way-Multimaster Configuration
On Tue, Jan 14, 2014 at 02:22:53PM -0500, Borresen, John - 0442 - MITLL wrote:
> Using TLS. To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down. Create a wildcard cert or use the subjectAltName in the openssl.cnf file?
Is this a public-facing server, or strictly internally facing?
Will you be using an in-house CA?
I'm a fan of an in-house CA (note: note the same as a self-signed
cert), and a well-populated SAN list, possibly incorporating IP
addresses as well.
> John D. Borresen (Dave)
> Linux/Unix Systems Administrator
> MIT Lincoln Laboratory
> Surveillance Systems Group
> 244 Wood St
> Lexington, MA 02420
> Email: firstname.lastname@example.org<mailto:email@example.com>
Brian Reichert <firstname.lastname@example.org>
BSD admin/developer at large