Ulrich Windl wrote: >>>> Michael Ströder <michael@stroeder.com> schrieb am 08.05.2017 um 23:39 in >> When running different replicas which terminate TLS themselves you can issue a >> different server cert with distinct subject-DN for each of them and put FQDN(s) of >> the same HA address(es) (e.g. of your load-balancer(s)) into subjectAltName >> extension in all these different server certs. > > So you have one certificate for all servers, and the answer is that you cannot > have different certificates? If so, we had discussed that before. I thought you > were advising otherwise now, and I was surprised how that would work. Did you deliberately misread my answer? I cannot imagine how I can make more clear that I have different certs on all replicas. And probably you also misread my former postings about that topic. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature