[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: N-Way-Multimaster Configuration

To: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: N-Way-Multimaster Configuration
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 14 Jan 2014 20:56:41 +0100
In-reply-to: <201401141923.s0EJNERG089333@boole.openldap.org>
References: <201401141923.s0EJNERG089333@boole.openldap.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 SeaMonkey/2.23

Borresen, John - 0442 - MITLL wrote:
> Thanks for your help with my last post.
> 
> Now, the next task, will be setting up an N-way multimaster:
> Server1
> Server2
> Server3
> Server4
> 
> Using TLS.  To create the certificates, finding a lot of varying ideas via google, what is the "best practice" to create certificates to where I don't have to touch each client if a server goes down.  Create a wildcard cert or use the subjectAltName in the openssl.cnf file?

Personally I' prefer to issue separate certs to each replica. I use the server
certs also as client cert for authenticating the replicas to each other with
SASL/EXTERNAL.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- N-Way-Multimaster Configuration
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>

Prev by Date: Re: SETTING UP MONITOR
Next by Date: RE: N-Way-Multimaster Configuration
Index(es):
- Chronological
- Thread