Thanks for your help with my last post. Now, the next task will be setting up an N-way multimaster (Server1, Server2, Server3, Server4) using TLS. To create the certificates, I am finding a lot of varying ideas via Google. What is the "best practice" for creating certificates so that I don't have to touch each client if a server goes down: create a wildcard cert, or use the subjectAltName in the openssl.cnf file?
I prefer to use a wildcard cert. I would note that a technically correct wildcard cert has *.domain in subjectAltName. On the flip side, virtually no CA creates certs that are compliant with the RFC for wildcards.
--Quanah

--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
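
The two options discussed in this thread, written out as an openssl.cnf request configuration. This is an added example, not configuration from either poster; example.com, the CN and the host names server1 to server4.example.com are assumed placeholders for the four masters.

```ini
# Constructed example: example.com and all host names are placeholders.
# Build a CSR with:   openssl req -new -key ldap.key -out ldap.csr -config openssl.cnf
# Inspect the result: openssl req -in ldap.csr -noout -text
# When signing with "openssl x509 -req", also pass
#   -extfile openssl.cnf -extensions v3_req
# so the subjectAltName extension is carried into the certificate.

[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req

[ req_dn ]
CN = ldap.example.com

[ v3_req ]
# Pick exactly one of the two lines below.
subjectAltName = @alt_wildcard
# subjectAltName = @alt_explicit

# Option 1: wildcard placed in subjectAltName, as the reply describes.
# One certificate covers every host directly under example.com, so a
# new or replacement master needs no reissue. The wildcard stands for a
# single left-most label only: it does not cover example.com itself or
# names such as ldap.site1.example.com.
[ alt_wildcard ]
DNS.1 = *.example.com

# Option 2: explicit subjectAltName list, one dNSName per master.
# Narrower scope than the wildcard, but adding a fifth master means
# reissuing the certificate with the new name.
[ alt_explicit ]
DNS.1 = server1.example.com
DNS.2 = server2.example.com
DNS.3 = server3.example.com
DNS.4 = server4.example.com
```

With either option the clients only need to trust the issuing CA, so swapping or removing a master does not require touching them as long as the name they connect to is covered by the certificate.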