>> >commonName=ldap1.example.com >> >subjectAltName=commonName: ldap.example.com
>You should test whether all your SSL/TLS-enabled LDAP applications really >look at subjectAltName extension!
Does this mean:
A) Most applications will work OK, but it's still possible that some are broken.
or
B) Setting "subjectAltName=commonName: <service cluster FQN>" should teoretically solve the problem, but the reality is different and many client apps don't know it.
Ciao, Michael.