[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple server certificates

--On Tuesday, April 29, 2008 2:57 PM -0700 Howard Chu <hyc@symas.com> wrote:

Hm, that sounds like a lot of work, and a bit too indirect. If the only
necessary selection criteria is the listener, then that should be used
explicitly. One thing that we've often talked about is why the listener
isn't part of the config data, instead of only supplied on the
command-line...

I'm also skeptical about the motivation for this discussion. If you have
separate certs from separate CAs, then you really have distinct security
domains so I don't understand why you need them to share databases. You
might as well just run separate slapds.

Multiple addresses from different domains on a given interface come to mind, where the database is particularly large, so you don't want to have multiple slapd's taking up the resources. That way each address could be secured via SSL, but access the same DB with a single slapd. Say, for example, x.google.org and y.google.com.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration