[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slurpd over SSL

To: openldap-software@OpenLDAP.org
Subject: Re: Slurpd over SSL
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Fri, 21 Nov 2003 01:46:17 +0100
In-reply-to: <20031120190621.34738.qmail@web21506.mail.yahoo.com>
References: <20031120190621.34738.qmail@web21506.mail.yahoo.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031030

Estevam Viragh wrote:

Yes, The master and slave have both the same
certificates. I assumed it is fine given that I used
heavymetal.com as commonName, the domain name.

Each host's public cert should be issued for the FQDN of that host as subject and as the rest of the network will see it. Not for the domain. You cannot use a single certificate for more than one host (unless you're into the subjectAltName game, but that's a different story ;) Each server cert should be signed by one single CA and that CA cert made available to each host and client.

--Tonni

--
Tony Earnshaw

If my mail server refuses your
mail resend to:

billy at billy.demon.nl
http: www.billy.demon.nl

Follow-Ups:
- Re: Slurpd over SSL
  - From: Mark <mark@rusautogaz.ru>

References:
- RE: Slurpd over SSL
  - From: Estevam Viragh <estevamviragh@yahoo.com.br>

Prev by Date: bdb corruption when openldap is stressed
Next by Date: Re: Updating ShadowLastChange with slurpd
Index(es):
- Chronological
- Thread