[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: N-way multi master configuration issue

To: "E.S. Rosenberg" <esr+openldap@g.jct.ac.il>
Subject: Re: N-way multi master configuration issue
From: Dmitriy Kirhlarov <dimma@higis.ru>
Date: Mon, 05 Sep 2011 16:40:53 +0400
Cc: openldap-technical@openldap.org
In-reply-to: <CAHTx_BMV+Pr6JuzMKquu1tEWyhkhrU8WprdKe5iXeELF0OYEkw@mail.gmail.com>
References: <4A4577058A416A4B979BCD934AD213D02A7DCF@GUREXMB02.ASIAN.AD.ARICENT.COM> <201108261526.22645.bgmilne@staff.telkomsa.net> <4A4577058A416A4B979BCD934AD213D02A7E32@GUREXMB02.ASIAN.AD.ARICENT.COM> <201108261545.15652.bgmilne@staff.telkomsa.net> <4DD67EA1E076B6468D016960A738DF0C0BA0AC2358@GUREXMB02.ASIAN.AD.ARICENT.COM> <4A4577058A416A4B979BCD934AD213D00B72F3@GUREXMB02.ASIAN.AD.ARICENT.COM> <4E5DBCCC.4000101@higis.ru> <CAHTx_BMV+Pr6JuzMKquu1tEWyhkhrU8WprdKe5iXeELF0OYEkw@mail.gmail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11

Hi.

04.09.2011 15:44, E.S. Rosenberg ÐÐÑÐÑ:

1. You can use one certificate with several names
(http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/)
2. or you can use one certificate per host (name inside certificate should
be the same, as dns-name for clients connections)


Or one wildcard certificate (*.yourdomain.tld).


Hm.. It can work, but...

SSL Certificate should *confirm* something (e-mail, username or serveraddress). wildcard certificate -- security hole, for me, because it"confirm" anything.

WBR

References:
- Re: N-way multi master configuration issue
  - From: "E.S. Rosenberg" <esr+openldap@g.jct.ac.il>

Prev by Date: RE: N-way multi master configuration issue
Next by Date: Re:Slapd-meta stop at the first unreachable candidate
Index(es):
- Chronological
- Thread