[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Secure replication



Ulrich Windl wrote:
>>>> Michael Ströder <michael@stroeder.com> schrieb am 08.05.2017 um 23:39 in
>> When running different replicas which terminate TLS themselves you can issue a
>> different server cert with distinct subject-DN for each of them and put FQDN(s) of
>> the same HA address(es) (e.g. of your load-balancer(s)) into subjectAltName
>> extension in all these different server certs.
> 
> So you have one certificate for all servers, and the answer is that you cannot
> have different certificates? If so, we had discussed that before. I thought you
> were advising otherwise now, and I was surprised how that would work.

Did you deliberately misread my answer? I cannot imagine how I can make more clear that I
have different certs on all replicas. And probably you also misread my former postings
about that topic.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature